From 793ccf9aba4b68c6636e7cd19f6eb9508abdef64 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Sat, 29 Jun 2024 23:38:29 +0100
Subject: [PATCH 01/10] add cwe infos to all crossplane queries
---
 .../crossplane/aws/cloudfront_logging_disabled/metadata.json | 2 +-
 .../cloudfront_without_minimum_protocol_tls_1.2/metadata.json | 2 +-
 .../crossplane/aws/cloudfront_without_waf/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../aws/db_instance_storage_not_encrypted/metadata.json | 2 +-
 .../aws/db_security_group_has_public_interface/metadata.json | 2 +-
 .../crossplane/aws/docdb_logging_disabled/metadata.json | 2 +-
 .../ecs_cluster_with_container_insights_disabled/metadata.json | 3 ++-
 assets/queries/crossplane/aws/efs_not_encrypted/metadata.json | 2 +-
 assets/queries/crossplane/aws/efs_without_kms/metadata.json | 2 +-
 .../crossplane/aws/elb_using_weak_ciphers/metadata.json | 2 +-
 .../neptune_database_cluster_encryption_disabled/metadata.json | 2 +-
 .../aws/rds_db_instance_publicly_accessible/metadata.json | 2 +-
 .../queries/crossplane/aws/sqs_with_sse_disabled/metadata.json | 2 +-
 .../queries/crossplane/azure/aks_rbac_disabled/metadata.json | 2 +-
 .../azure/redis_cache_allows_non_ssl_connections/metadata.json | 2 +-
 .../gcp/cloud_storage_bucket_logging_not_enabled/metadata.json | 2 +-
 .../metadata.json | 2 +-
 18 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json b/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json
index f65591bcd9f..5f184c06363 100644
--- a/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json
+++ b/assets/queries/crossplane/aws/cloudfront_logging_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Crossplane",
 "descriptionID": "48cd0b5a",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/cloudfront_without_minimum_protocol_tls_1.2/metadata.json b/assets/queries/crossplane/aws/cloudfront_without_minimum_protocol_tls_1.2/metadata.json
index 07222d6bc85..c589ffb69b1 100644
--- a/assets/queries/crossplane/aws/cloudfront_without_minimum_protocol_tls_1.2/metadata.json
+++ b/assets/queries/crossplane/aws/cloudfront_without_minimum_protocol_tls_1.2/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Crossplane",
 "descriptionID": "11cca65a",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "326",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/cloudfront_without_waf/metadata.json b/assets/queries/crossplane/aws/cloudfront_without_waf/metadata.json
index b61de67684e..1b2d3dceaba 100644
--- a/assets/queries/crossplane/aws/cloudfront_without_waf/metadata.json
+++ b/assets/queries/crossplane/aws/cloudfront_without_waf/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Crossplane",
 "descriptionID": "c5493606",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "285",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/cloudwatch_without_retention_period_specified/metadata.json b/assets/queries/crossplane/aws/cloudwatch_without_retention_period_specified/metadata.json
index 611acb8984a..d254a94571f 100644
--- a/assets/queries/crossplane/aws/cloudwatch_without_retention_period_specified/metadata.json
+++ b/assets/queries/crossplane/aws/cloudwatch_without_retention_period_specified/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Crossplane",
 "descriptionID": "9ce0c6f8",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/db_instance_storage_not_encrypted/metadata.json b/assets/queries/crossplane/aws/db_instance_storage_not_encrypted/metadata.json
index 2bdaff601e0..b849b5be1fa 100644
--- a/assets/queries/crossplane/aws/db_instance_storage_not_encrypted/metadata.json
+++ b/assets/queries/crossplane/aws/db_instance_storage_not_encrypted/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Crossplane",
 "descriptionID": "e40c8a7e",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/db_security_group_has_public_interface/metadata.json b/assets/queries/crossplane/aws/db_security_group_has_public_interface/metadata.json
index df07f5a179a..1ce858d4abf 100644
--- a/assets/queries/crossplane/aws/db_security_group_has_public_interface/metadata.json
+++ b/assets/queries/crossplane/aws/db_security_group_has_public_interface/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Crossplane",
 "descriptionID": "c26de1ff",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/docdb_logging_disabled/metadata.json b/assets/queries/crossplane/aws/docdb_logging_disabled/metadata.json
index 55ff5c8bb74..e827296e80c 100644
--- a/assets/queries/crossplane/aws/docdb_logging_disabled/metadata.json
+++ b/assets/queries/crossplane/aws/docdb_logging_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Crossplane",
 "descriptionID": "60b6794e",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/ecs_cluster_with_container_insights_disabled/metadata.json b/assets/queries/crossplane/aws/ecs_cluster_with_container_insights_disabled/metadata.json
index d9ad876d045..1a4f2150fa7 100644
--- a/assets/queries/crossplane/aws/ecs_cluster_with_container_insights_disabled/metadata.json
+++ b/assets/queries/crossplane/aws/ecs_cluster_with_container_insights_disabled/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://doc.crds.dev/github.com/crossplane/provider-aws/ecs.aws.crossplane.io/Cluster/v1alpha1@v0.42.0#spec-forProvider-settings",
 "platform": "Crossplane",
 "descriptionID": "a6911ebd",
- "cloudProvider": "aws"
+ "cloudProvider": "aws",
+ "cwe": "778"
 }
diff --git a/assets/queries/crossplane/aws/efs_not_encrypted/metadata.json b/assets/queries/crossplane/aws/efs_not_encrypted/metadata.json
index 72fb751aa42..6fe67fbc68a 100644
--- a/assets/queries/crossplane/aws/efs_not_encrypted/metadata.json
+++ b/assets/queries/crossplane/aws/efs_not_encrypted/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Crossplane",
 "descriptionID": "de7bf263",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/efs_without_kms/metadata.json b/assets/queries/crossplane/aws/efs_without_kms/metadata.json
index d70b287539e..39cba4a2a17 100644
--- a/assets/queries/crossplane/aws/efs_without_kms/metadata.json
+++ b/assets/queries/crossplane/aws/efs_without_kms/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Crossplane",
 "descriptionID": "2643a873",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/elb_using_weak_ciphers/metadata.json b/assets/queries/crossplane/aws/elb_using_weak_ciphers/metadata.json
index 27a13f236cc..707bebf0355 100644
--- a/assets/queries/crossplane/aws/elb_using_weak_ciphers/metadata.json
+++ b/assets/queries/crossplane/aws/elb_using_weak_ciphers/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Crossplane",
 "descriptionID": "53318133",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "326"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/neptune_database_cluster_encryption_disabled/metadata.json b/assets/queries/crossplane/aws/neptune_database_cluster_encryption_disabled/metadata.json
index 5933bd2178b..fa911329ea3 100644
--- a/assets/queries/crossplane/aws/neptune_database_cluster_encryption_disabled/metadata.json
+++ b/assets/queries/crossplane/aws/neptune_database_cluster_encryption_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Crossplane",
 "descriptionID": "f7998100",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/rds_db_instance_publicly_accessible/metadata.json b/assets/queries/crossplane/aws/rds_db_instance_publicly_accessible/metadata.json
index a8a6423c6f6..2df853c1637 100644
--- a/assets/queries/crossplane/aws/rds_db_instance_publicly_accessible/metadata.json
+++ b/assets/queries/crossplane/aws/rds_db_instance_publicly_accessible/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Crossplane",
 "descriptionID": "d7566b63",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json b/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json
index 006e1898535..5dcfea0ca57 100644
--- a/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json
+++ b/assets/queries/crossplane/aws/sqs_with_sse_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Crossplane",
 "descriptionID": "ed3868e0",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "319"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/azure/aks_rbac_disabled/metadata.json b/assets/queries/crossplane/azure/aks_rbac_disabled/metadata.json
index 97c12c9c90b..35ea7555737 100644
--- a/assets/queries/crossplane/azure/aks_rbac_disabled/metadata.json
+++ b/assets/queries/crossplane/azure/aks_rbac_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Crossplane",
 "descriptionID": "b9f4440e",
 "cloudProvider": "azure",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
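Review bot: The `"cwe": "319"` given to sqs_with_sse_disabled does not match what the query name describes: CWE-319 is Cleartext Transmission of Sensitive Information, while server-side encryption on a queue is an at-rest control. The other at-rest encryption queries in this patch (db_instance_storage_not_encrypted, efs_not_encrypted, efs_without_kms, neptune_database_cluster_encryption_disabled) all use 311, so `"cwe": "311"` would keep that family consistent. The query logic is not part of this hunk, so this reading rests on the query name.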
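Review bot: `"cwe": "311"` (Missing Encryption of Sensitive Data) on aks_rbac_disabled looks copied from the encryption queries; a cluster with RBAC turned off is an authorization weakness, not an encryption gap. Suggest `"cwe": "285"` (Improper Authorization), or 284 as this patch uses for the public-access queries. Any report that groups findings by CWE would otherwise file this one under encryption, which is presumably not intended.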
diff --git a/assets/queries/crossplane/azure/redis_cache_allows_non_ssl_connections/metadata.json b/assets/queries/crossplane/azure/redis_cache_allows_non_ssl_connections/metadata.json
index 46a3aa51d65..1c51935be46 100644
--- a/assets/queries/crossplane/azure/redis_cache_allows_non_ssl_connections/metadata.json
+++ b/assets/queries/crossplane/azure/redis_cache_allows_non_ssl_connections/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Crossplane",
 "descriptionID": "d7cbff51",
 "cloudProvider": "azure",
- "cwe": ""
+ "cwe": "250"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/gcp/cloud_storage_bucket_logging_not_enabled/metadata.json b/assets/queries/crossplane/gcp/cloud_storage_bucket_logging_not_enabled/metadata.json
index e71f752d9b7..af133c825ec 100644
--- a/assets/queries/crossplane/gcp/cloud_storage_bucket_logging_not_enabled/metadata.json
+++ b/assets/queries/crossplane/gcp/cloud_storage_bucket_logging_not_enabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Crossplane",
 "descriptionID": "49295adb",
 "cloudProvider": "gcp",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/crossplane/gcp/google_container_node_pool_auto_repair_disabled/metadata.json b/assets/queries/crossplane/gcp/google_container_node_pool_auto_repair_disabled/metadata.json
index a7f0b9e3acd..1c935cb1585 100644
--- a/assets/queries/crossplane/gcp/google_container_node_pool_auto_repair_disabled/metadata.json
+++ b/assets/queries/crossplane/gcp/google_container_node_pool_auto_repair_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Crossplane",
 "descriptionID": "bc1c198b",
 "cloudProvider": "gcp",
- "cwe": ""
+ "cwe": "703"
 }
\ No newline at end of file
From aa6235a572f00f64867ae17c0f6919887d1007b9 Mon Sep 17 00:00:00 2001
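Review bot: redis_cache_allows_non_ssl_connections is tagged `"cwe": "250"` (Execution with Unnecessary Privileges), which does not describe a cache that accepts non-TLS connections. The Pulumi copy of the same query in PATCH 02 gets `"cwe": "284"`, so one rule ends up with two different IDs depending on the platform. CWE-319 (Cleartext Transmission of Sensitive Information) matches the condition and is already used in PATCH 02 for storage_account_not_forcing_https; suggest `"cwe": "319"` in both files.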
From: Artur Ribeiro
Date: Mon, 1 Jul 2024 09:49:19 +0100
Subject: [PATCH 02/10] add CWE infos to pulumi queries
---
 .../metadata.json | 2 +-
 .../aws/api_gateway_access_logging_disabled/metadata.json | 2 +-
 .../aws/api_gateway_without_ssl_certificate/metadata.json | 2 +-
 assets/queries/pulumi/aws/docdb_logging_disabled/metadata.json | 2 +-
 .../pulumi/aws/dynamodb_table_not_encrypted/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../pulumi/aws/ec2_instance_monitoring_disabled/metadata.json | 2 +-
 assets/queries/pulumi/aws/ec2_not_ebs_optimized/metadata.json | 2 +-
 .../aws/ecs_cluster_container_insights_disabled/metadata.json | 3 ++-
 .../metadata.json | 2 +-
 .../aws/elasticache_redis_cluster_without_backup/metadata.json | 2 +-
 .../pulumi/aws/elasticsearch_logs_disabled/metadata.json | 2 +-
 .../pulumi/aws/elasticsearch_with_https_disabled/metadata.json | 2 +-
 .../aws/iam_password_without_minimum_length/metadata.json | 2 +-
 .../aws/rds_db_instance_publicly_accessible/metadata.json | 2 +-
 .../azure/redis_cache_allows_non_ssl_connections/metadata.json | 2 +-
 .../azure/storage_account_not_forcing_https/metadata.json | 2 +-
 .../gcp/cloud_storage_bucket_logging_not_enabled/metadata.json | 2 +-
 .../google_compute_ssl_policy_weak_cipher_in_use/metadata.json | 2 +-
 19 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/assets/queries/pulumi/aws/amazon_dms_replication_instance_is_publicly_accessible/metadata.json b/assets/queries/pulumi/aws/amazon_dms_replication_instance_is_publicly_accessible/metadata.json
index 59f3336b1f8..d863edd070c 100644
--- a/assets/queries/pulumi/aws/amazon_dms_replication_instance_is_publicly_accessible/metadata.json
+++ b/assets/queries/pulumi/aws/amazon_dms_replication_instance_is_publicly_accessible/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "fdd6a212",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/api_gateway_access_logging_disabled/metadata.json b/assets/queries/pulumi/aws/api_gateway_access_logging_disabled/metadata.json
index 78fe95468e7..a96b5a8fd7c 100644
--- a/assets/queries/pulumi/aws/api_gateway_access_logging_disabled/metadata.json
+++ b/assets/queries/pulumi/aws/api_gateway_access_logging_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Pulumi",
 "descriptionID": "5feb747f",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/api_gateway_without_ssl_certificate/metadata.json b/assets/queries/pulumi/aws/api_gateway_without_ssl_certificate/metadata.json
index f6c6e3eaefe..a2d14a97927 100644
--- a/assets/queries/pulumi/aws/api_gateway_without_ssl_certificate/metadata.json
+++ b/assets/queries/pulumi/aws/api_gateway_without_ssl_certificate/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Pulumi",
 "descriptionID": "f7ced1f3",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/docdb_logging_disabled/metadata.json b/assets/queries/pulumi/aws/docdb_logging_disabled/metadata.json
index 7ff3fb6f19e..f565b35b936 100644
--- a/assets/queries/pulumi/aws/docdb_logging_disabled/metadata.json
+++ b/assets/queries/pulumi/aws/docdb_logging_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "c5bd58cd",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/dynamodb_table_not_encrypted/metadata.json b/assets/queries/pulumi/aws/dynamodb_table_not_encrypted/metadata.json
index fc7e65d889c..6c4e8f2ca13 100644
--- a/assets/queries/pulumi/aws/dynamodb_table_not_encrypted/metadata.json
+++ b/assets/queries/pulumi/aws/dynamodb_table_not_encrypted/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "fb6a0c51",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/dynamodb_table_point_in_time_recovery_disabled/metadata.json b/assets/queries/pulumi/aws/dynamodb_table_point_in_time_recovery_disabled/metadata.json
index e86bba7b049..8c8911fa446 100644
--- a/assets/queries/pulumi/aws/dynamodb_table_point_in_time_recovery_disabled/metadata.json
+++ b/assets/queries/pulumi/aws/dynamodb_table_point_in_time_recovery_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "6ff56c6e",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "459",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/ec2_instance_monitoring_disabled/metadata.json b/assets/queries/pulumi/aws/ec2_instance_monitoring_disabled/metadata.json
index 35f3917863a..6483a767441 100644
--- a/assets/queries/pulumi/aws/ec2_instance_monitoring_disabled/metadata.json
+++ b/assets/queries/pulumi/aws/ec2_instance_monitoring_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "7f96d3ac",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "INFO"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/ec2_not_ebs_optimized/metadata.json b/assets/queries/pulumi/aws/ec2_not_ebs_optimized/metadata.json
index edb4a927633..6150b8e9ce3 100644
--- a/assets/queries/pulumi/aws/ec2_not_ebs_optimized/metadata.json
+++ b/assets/queries/pulumi/aws/ec2_not_ebs_optimized/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Pulumi",
 "descriptionID": "81a001dd",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "459"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/ecs_cluster_container_insights_disabled/metadata.json b/assets/queries/pulumi/aws/ecs_cluster_container_insights_disabled/metadata.json
index 78a1164bb36..dbdaa7efc46 100644
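Review bot: `"cwe": "459"` (Incomplete Cleanup) is applied to dynamodb_table_point_in_time_recovery_disabled, and the same ID is reused for ec2_not_ebs_optimized later in this patch and for elasticache_redis_cluster_without_backup. CWE-459 is about resources left behind after use; going by the query names, two of these are backup and recovery gaps and one is a performance setting, so none of them fits and they probably should not share an ID. If no better mapping has been agreed, keeping `"cwe": ""` on these three is safer than a value that tooling filtering by CWE will take at face value.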
--- a/assets/queries/pulumi/aws/ecs_cluster_container_insights_disabled/metadata.json
+++ b/assets/queries/pulumi/aws/ecs_cluster_container_insights_disabled/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://www.pulumi.com/registry/packages/aws/api-docs/ecs/cluster/#settings_yaml",
 "platform": "Pulumi",
 "descriptionID": "6fd99865",
- "cloudProvider": "aws"
+ "cloudProvider": "aws",
+ "cwe": "778"
 }
diff --git a/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json b/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
index 5ccbe26ea83..b6a4a334a20 100644
--- a/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
+++ b/assets/queries/pulumi/aws/elasticache_nodes_not_created_across_multi_az/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Pulumi",
 "descriptionID": "149de780",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/elasticache_redis_cluster_without_backup/metadata.json b/assets/queries/pulumi/aws/elasticache_redis_cluster_without_backup/metadata.json
index 41e5a1f5fdb..8dde1f0a6e6 100644
--- a/assets/queries/pulumi/aws/elasticache_redis_cluster_without_backup/metadata.json
+++ b/assets/queries/pulumi/aws/elasticache_redis_cluster_without_backup/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Pulumi",
 "descriptionID": "ff8bf6c0",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "459"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/elasticsearch_logs_disabled/metadata.json b/assets/queries/pulumi/aws/elasticsearch_logs_disabled/metadata.json
index 5bf614e8810..d4c010d20be 100644
--- a/assets/queries/pulumi/aws/elasticsearch_logs_disabled/metadata.json
+++ b/assets/queries/pulumi/aws/elasticsearch_logs_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Pulumi",
 "descriptionID": "55b7425d",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
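Review bot: elasticache_nodes_not_created_across_multi_az gets `"cwe": "284"` (Improper Access Control), but by its name the query checks availability-zone placement, which is an availability concern rather than an access-control one. The same 284 is used in this patch for the publicly accessible DMS and RDS queries, where it fits, so findings of two unrelated kinds would share one bucket. Suggest agreeing on a resilience-oriented ID with the maintainers, or leaving `"cwe": ""` here until one is chosen.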
diff --git a/assets/queries/pulumi/aws/elasticsearch_with_https_disabled/metadata.json b/assets/queries/pulumi/aws/elasticsearch_with_https_disabled/metadata.json
index e7fafe1f336..d4c5495e892 100644
--- a/assets/queries/pulumi/aws/elasticsearch_with_https_disabled/metadata.json
+++ b/assets/queries/pulumi/aws/elasticsearch_with_https_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "831d28f3",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/iam_password_without_minimum_length/metadata.json b/assets/queries/pulumi/aws/iam_password_without_minimum_length/metadata.json
index 991c4cb3635..ec917733a90 100644
--- a/assets/queries/pulumi/aws/iam_password_without_minimum_length/metadata.json
+++ b/assets/queries/pulumi/aws/iam_password_without_minimum_length/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "5e46720a",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "521",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/aws/rds_db_instance_publicly_accessible/metadata.json b/assets/queries/pulumi/aws/rds_db_instance_publicly_accessible/metadata.json
index 0f91d9667eb..46d2f890767 100644
--- a/assets/queries/pulumi/aws/rds_db_instance_publicly_accessible/metadata.json
+++ b/assets/queries/pulumi/aws/rds_db_instance_publicly_accessible/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "be6d13f0",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/azure/redis_cache_allows_non_ssl_connections/metadata.json b/assets/queries/pulumi/azure/redis_cache_allows_non_ssl_connections/metadata.json
index 86cbcee9c64..fc0a22da592 100644
--- a/assets/queries/pulumi/azure/redis_cache_allows_non_ssl_connections/metadata.json
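Review bot: elasticsearch_with_https_disabled is tagged `"cwe": "311"`, the ID this series otherwise uses for at-rest encryption queries, while the condition named here is traffic sent without TLS. storage_account_not_forcing_https later in this patch uses 319 for the same kind of finding. `"cwe": "319"` on this file would keep in-transit and at-rest findings separable when results are grouped by CWE.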
+++ b/assets/queries/pulumi/azure/redis_cache_allows_non_ssl_connections/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Pulumi",
 "descriptionID": "64acf7a6",
 "cloudProvider": "azure",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/azure/storage_account_not_forcing_https/metadata.json b/assets/queries/pulumi/azure/storage_account_not_forcing_https/metadata.json
index 339739ad233..4f154b608ec 100644
--- a/assets/queries/pulumi/azure/storage_account_not_forcing_https/metadata.json
+++ b/assets/queries/pulumi/azure/storage_account_not_forcing_https/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "406540e1",
 "cloudProvider": "azure",
- "cwe": "",
+ "cwe": "319",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/gcp/cloud_storage_bucket_logging_not_enabled/metadata.json b/assets/queries/pulumi/gcp/cloud_storage_bucket_logging_not_enabled/metadata.json
index e4fe6dfc9d3..fa44d4fe483 100644
--- a/assets/queries/pulumi/gcp/cloud_storage_bucket_logging_not_enabled/metadata.json
+++ b/assets/queries/pulumi/gcp/cloud_storage_bucket_logging_not_enabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Pulumi",
 "descriptionID": "cc15c4d8",
 "cloudProvider": "gcp",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/pulumi/gcp/google_compute_ssl_policy_weak_cipher_in_use/metadata.json b/assets/queries/pulumi/gcp/google_compute_ssl_policy_weak_cipher_in_use/metadata.json
index cacf6946a84..7fcea014e36 100644
--- a/assets/queries/pulumi/gcp/google_compute_ssl_policy_weak_cipher_in_use/metadata.json
+++ b/assets/queries/pulumi/gcp/google_compute_ssl_policy_weak_cipher_in_use/metadata.json
@@ -8,5 +8,5 @@
 "platform": "Pulumi",
 "descriptionID": "58a27cbf",
 "cloudProvider": "gcp",
- "cwe": ""
+ "cwe": "326"
 }
\ No newline at end of file
From 1d9ba5673d6454a5ec51040583c8637be23c4e50 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Mon, 1 Jul 2024 10:14:52 +0100
Subject: [PATCH 03/10] add CWE infos to grpc, knative and buildah queries
---
 assets/queries/buildah/run_using_apt/metadata.json | 3 ++-
 assets/queries/grpc/enum_name_not_camel_case/metadata.json | 2 +-
 .../metadata.json | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/assets/queries/buildah/run_using_apt/metadata.json b/assets/queries/buildah/run_using_apt/metadata.json
index 517800da9f4..2aab2f0febd 100644
--- a/assets/queries/buildah/run_using_apt/metadata.json
+++ b/assets/queries/buildah/run_using_apt/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://github.com/containers/buildah/blob/main/docs/buildah-run.1.md",
 "platform": "Buildah",
 "descriptionID": "eb58fa0b",
- "cwe": "",
+ "cloudProvider": "common",
+ "cwe": "1188",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/grpc/enum_name_not_camel_case/metadata.json b/assets/queries/grpc/enum_name_not_camel_case/metadata.json
index 80d1bac1a71..b5752fd055f 100644
--- a/assets/queries/grpc/enum_name_not_camel_case/metadata.json
+++ b/assets/queries/grpc/enum_name_not_camel_case/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://developers.google.com/protocol-buffers/docs/reference/proto3-spec#enum_definition",
 "platform": "GRPC",
 "descriptionID": "a780a54d",
- "cwe": "",
+ "cwe": "1099",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/knative/serving_revision_spec_without_timeout_settings/metadata.json b/assets/queries/knative/serving_revision_spec_without_timeout_settings/metadata.json
index 73aceeb7db7..7e47d2236e2 100644
--- a/assets/queries/knative/serving_revision_spec_without_timeout_settings/metadata.json
+++ b/assets/queries/knative/serving_revision_spec_without_timeout_settings/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://knative.dev/docs/reference/api/serving-api/#serving.knative.dev/v1.RevisionSpec",
 "platform": "Knative",
 "descriptionID": "0b6ca133",
- "cwe": ""
+ "cwe": "799"
 }
\ No newline at end of file
From 86b3ecf5a8e7518029414960efb3c813bca41bd7 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Mon, 1 Jul 2024 10:26:23 +0100
Subject: [PATCH 04/10] add cloudProvider to queries metadata
---
 assets/queries/grpc/enum_name_not_camel_case/metadata.json | 1 +
 .../metadata.json | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/assets/queries/grpc/enum_name_not_camel_case/metadata.json b/assets/queries/grpc/enum_name_not_camel_case/metadata.json
index b5752fd055f..a3db85cdaf8 100644
--- a/assets/queries/grpc/enum_name_not_camel_case/metadata.json
+++ b/assets/queries/grpc/enum_name_not_camel_case/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://developers.google.com/protocol-buffers/docs/reference/proto3-spec#enum_definition",
 "platform": "GRPC",
 "descriptionID": "a780a54d",
+ "cloudProvider": "common",
 "cwe": "1099",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/knative/serving_revision_spec_without_timeout_settings/metadata.json b/assets/queries/knative/serving_revision_spec_without_timeout_settings/metadata.json
index 7e47d2236e2..d02660fb74b 100644
--- a/assets/queries/knative/serving_revision_spec_without_timeout_settings/metadata.json
+++ b/assets/queries/knative/serving_revision_spec_without_timeout_settings/metadata.json
@@ -7,5 +7,7 @@
 "descriptionUrl": "https://knative.dev/docs/reference/api/serving-api/#serving.knative.dev/v1.RevisionSpec",
 "platform": "Knative",
 "descriptionID": "0b6ca133",
- "cwe": "799"
+ "cloudProvider": "common",
+ "cwe": "799",
+ "oldSeverity": "INFO"
 }
\ No newline at end of file
From 276984e93677ae168dac28fd3568cda9a432e2fb Mon Sep 17 00:00:00 2001
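Review bot: The knative hunk of PATCH 04 adds `"oldSeverity": "INFO"` next to `"cloudProvider": "common"`, but the commit subject mentions only cloudProvider and the grpc hunk in the same commit adds no severity field. If the field is intended, the commit message should say so and explain where the INFO value comes from; if it slipped in, drop the `"oldSeverity": "INFO"` line and keep `"cwe": "799"` as the last property. PATCH 03 likewise adds `"cloudProvider": "common"` to the buildah file under a CWE-only subject, so the two metadata changes are mixed across both commits.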
From: Artur Ribeiro
Date: Mon, 1 Jul 2024 16:26:17 +0100
Subject: [PATCH 05/10] add cwe infos to all k8s queries
---
 .../always_admit_admission_control_plugin_set/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../k8s/anonymous_auth_is_not_set_to_false/metadata.json | 2 +-
 .../k8s/audit_log_maxage_not_properly_set/metadata.json | 2 +-
 .../k8s/audit_log_maxbackup_not_properly_set/metadata.json | 2 +-
 .../k8s/audit_log_maxsize_not_properly_set/metadata.json | 2 +-
 assets/queries/k8s/audit_log_path_not_set/metadata.json | 2 +-
 .../queries/k8s/audit_policy_file_not_defined/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../queries/k8s/authorization_mode_node_not_set/metadata.json | 2 +-
 .../queries/k8s/authorization_mode_rbac_not_set/metadata.json | 2 +-
 .../k8s/authorization_mode_set_to_always_allow/metadata.json | 2 +-
 assets/queries/k8s/auto_tls_set_to_true/metadata.json | 2 +-
 assets/queries/k8s/basic_auth_file_is_set/metadata.json | 2 +-
 .../queries/k8s/bind_address_not_properly_set/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../queries/k8s/cluster_allows_unsafe_sysctls/metadata.json | 2 +-
 .../metadata.json | 2 +-
 assets/queries/k8s/container_is_privileged/metadata.json | 2 +-
 assets/queries/k8s/container_runs_unmasked/metadata.json | 2 +-
 assets/queries/k8s/containers_run_with_low_uid/metadata.json | 2 +-
 assets/queries/k8s/containers_running_as_root/metadata.json | 2 +-
 .../k8s/containers_with_added_capabilities/metadata.json | 2 +-
 .../k8s/containers_with_sys_admin_capabilities/metadata.json | 2 +-
 assets/queries/k8s/cpu_limits_not_set/metadata.json | 2 +-
 assets/queries/k8s/cpu_requests_not_set/metadata.json | 2 +-
 .../queries/k8s/cronjob_deadline_not_configured/metadata.json | 2 +-
 assets/queries/k8s/dashboard_is_enabled/metadata.json | 2 +-
 .../k8s/deployment_has_no_pod_anti_affinity/metadata.json | 2 +-
 .../deployment_without_pod_disruption_budget/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../encryption_provider_config_is_not_defined/metadata.json | 2 +-
 .../encryption_provider_not_properly_configured/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../etcd_client_certificate_file_not_defined/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../etcd_tls_certificate_files_not_properly_set/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../metadata.json | 2 +-
 assets/queries/k8s/hpa_targets_invalid_object/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../metadata.json | 2 +-
 assets/queries/k8s/image_without_digest/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../k8s/ingress_controller_exposes_workload/metadata.json | 2 +-
 assets/queries/k8s/insecure_bind_address_set/metadata.json | 2 +-
 .../queries/k8s/insecure_port_not_properly_set/metadata.json | 2 +-
 assets/queries/k8s/invalid_image/metadata.json | 2 +-
 .../k8s/kubelet_certificate_authority_not_set/metadata.json | 2 +-
 .../kubelet_client_certificate_or_key_not_set/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../k8s/kubelet_event_qps_not_properly_set/metadata.json | 2 +-
 .../k8s/kubelet_hostname_override_is_set/metadata.json | 2 +-
 assets/queries/k8s/kubelet_https_set_to_false/metadata.json | 2 +-
 .../queries/k8s/kubelet_not_managing_ip_tables/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../kubelet_read_only_port_is_not_set_to_zero/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../queries/k8s/liveness_probe_is_not_defined/metadata.json | 2 +-
 assets/queries/k8s/memory_limits_not_defined/metadata.json | 2 +-
 assets/queries/k8s/memory_requests_not_defined/metadata.json | 2 +-
 assets/queries/k8s/metadata_label_is_invalid/metadata.json | 2 +-
 assets/queries/k8s/missing_app_armor_config/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../k8s/net_raw_capabilities_disabled_for_psp/metadata.json | 2 +-
 .../k8s/net_raw_capabilities_not_being_dropped/metadata.json | 2 +-
 .../k8s/network_policy_is_not_targeting_any_pod/metadata.json | 2 +-
 .../k8s/no_drop_capabilities_for_containers/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../k8s/non_kube_system_pod_with_host_mount/metadata.json | 2 +-
 .../metadata.json | 2 +-
 .../k8s/not_unique_certificate_authority/metadata.json | 2 +-
 .../object_is_using_a_deprecated_api_version/metadata.json | 2 +-
 assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json | 2 +-
 .../k8s/permissive_access_to_create_pods/metadata.json | 2 +-
 .../k8s/pod_misconfigured_network_policy/metadata.json | 2 +-
 .../k8s/pod_or_container_without_limit_range/metadata.json | 2 +-
 .../k8s/pod_or_container_without_resource_quota/metadata.json | 2 +-
 .../pod_or_container_without_security_context/metadata.json | 2 +-
 .../metadata.json | 2 +-
 assets/queries/k8s/privilege_escalation_allowed/metadata.json | 2 +-
 assets/queries/k8s/profiling_not_set_to_false/metadata.json | 2 +-
 .../queries/k8s/psp_allows_privilege_escalation/metadata.json | 2 +-
 assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json | 2 +-
 assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json | 2 +-
 .../psp_containers_share_host_network_namespace/metadata.json | 2 +-
 assets/queries/k8s/psp_set_to_privileged/metadata.json | 2 +-
 assets/queries/k8s/psp_with_added_capabilities/metadata.json | 2 +-
 .../psp_with_unrestricted_access_to_host_path/metadata.json | 2 +-
 .../k8s/rbac_roles_allow_privilege_escalation/metadata.json | 2 +-
 .../k8s/rbac_roles_with_attach_permission/metadata.json | 2 +-
 .../queries/k8s/rbac_roles_with_exec_permission/metadata.json | 2 +-
 .../k8s/rbac_roles_with_impersonate_permission/metadata.json | 2 +-
 .../rbac_roles_with_portforwarding_permissions/metadata.json | 2 +-
 .../rbac_roles_with_read_secrets_permissions/metadata.json | 2 +-
 assets/queries/k8s/rbac_wildcard_in_rule/metadata.json | 2 +-
 .../k8s/readiness_probe_is_not_configured/metadata.json | 2 +-
 .../k8s/request_timeout_not_properly_set/metadata.json | 2 +-
 .../k8s/role_binding_to_default_service_account/metadata.json | 2 +-
assets/queries/k8s/root_ca_file_not_defined/metadata.json | 2 +- .../k8s/root_container_not_mounted_as_read_only/metadata.json | 4 ++-- assets/queries/k8s/root_containers_admitted/metadata.json | 2 +- .../metadata.json | 2 +- .../k8s/seccomp_profile_is_not_configured/metadata.json | 2 +- .../k8s/secrets_as_environment_variables/metadata.json | 2 +- assets/queries/k8s/secure_port_set_to_zero/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../k8s/service_account_allows_access_secrets/metadata.json | 2 +- .../service_account_key_file_not_properly_set/metadata.json | 2 +- .../k8s/service_account_lookup_set_to_false/metadata.json | 2 +- .../k8s/service_account_name_undefined_or_empty/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- assets/queries/k8s/service_does_not_target_pod/metadata.json | 2 +- assets/queries/k8s/service_type_is_nodeport/metadata.json | 2 +- .../k8s/service_with_external_load_balancer/metadata.json | 2 +- assets/queries/k8s/shared_host_ipc_namespace/metadata.json | 2 +- .../queries/k8s/shared_host_network_namespace/metadata.json | 2 +- assets/queries/k8s/shared_host_pid_namespace/metadata.json | 2 +- assets/queries/k8s/shared_service_account/metadata.json | 2 +- .../k8s/statefulset_has_no_pod_anti_affinity/metadata.json | 2 +- assets/queries/k8s/statefulset_requests_storage/metadata.json | 2 +- .../statefulset_without_pod_disruption_budget/metadata.json | 2 +- .../k8s/statefulset_without_service_name/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- assets/queries/k8s/tiller_is_deployed/metadata.json | 2 +- .../queries/k8s/tiller_service_is_not_deleted/metadata.json | 2 +- .../k8s/tls_connection_certificate_not_setup/metadata.json | 2 +- assets/queries/k8s/token_auth_file_is_set/metadata.json | 2 +- .../metadata.json | 2 +- .../using_kubernetes_native_secret_management/metadata.json | 2 +- .../queries/k8s/using_unrecommended_namespace/metadata.json | 2 +- .../metadata.json | 2 +- 
assets/queries/k8s/weak_tls_cipher_suites/metadata.json | 2 +- .../k8s/workload_host_port_not_specified/metadata.json | 2 +- .../metadata.json | 2 +- 142 files changed, 143 insertions(+), 143 deletions(-)
diff --git a/assets/queries/k8s/always_admit_admission_control_plugin_set/metadata.json b/assets/queries/k8s/always_admit_admission_control_plugin_set/metadata.json
index 35e66d0ddb6..4e50a2ea01e 100644
--- a/assets/queries/k8s/always_admit_admission_control_plugin_set/metadata.json
+++ b/assets/queries/k8s/always_admit_admission_control_plugin_set/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "782a8f84",
- "cwe": "",
+ "cwe": "285",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/always_pull_images_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/always_pull_images_admission_control_plugin_not_set/metadata.json
index 4571503c406..23819b5610d 100644
--- a/assets/queries/k8s/always_pull_images_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/always_pull_images_admission_control_plugin_not_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "503bf412",
- "cwe": ""
+ "cwe": "829"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/anonymous_auth_is_not_set_to_false/metadata.json b/assets/queries/k8s/anonymous_auth_is_not_set_to_false/metadata.json
index 84481d37d89..faeb0054b1b 100644
--- a/assets/queries/k8s/anonymous_auth_is_not_set_to_false/metadata.json
+++ b/assets/queries/k8s/anonymous_auth_is_not_set_to_false/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "2e5b19cc",
- "cwe": ""
+ "cwe": "1390"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/audit_log_maxage_not_properly_set/metadata.json b/assets/queries/k8s/audit_log_maxage_not_properly_set/metadata.json
index 12af9a7d731..761ae74cd78 100644
--- a/assets/queries/k8s/audit_log_maxage_not_properly_set/metadata.json
+++ b/assets/queries/k8s/audit_log_maxage_not_properly_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "a5bc6d07",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/audit_log_maxbackup_not_properly_set/metadata.json b/assets/queries/k8s/audit_log_maxbackup_not_properly_set/metadata.json
index 38bcb1fd7d1..3d732e5019e 100644
--- a/assets/queries/k8s/audit_log_maxbackup_not_properly_set/metadata.json
+++ b/assets/queries/k8s/audit_log_maxbackup_not_properly_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "eb8a6c2a",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/audit_log_maxsize_not_properly_set/metadata.json b/assets/queries/k8s/audit_log_maxsize_not_properly_set/metadata.json
index 7abf1e1bf88..2ec799a74be 100644
--- a/assets/queries/k8s/audit_log_maxsize_not_properly_set/metadata.json
+++ b/assets/queries/k8s/audit_log_maxsize_not_properly_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "9609fc23",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/audit_log_path_not_set/metadata.json b/assets/queries/k8s/audit_log_path_not_set/metadata.json
index 89a7e6672c8..0eefa7d7229 100644
--- a/assets/queries/k8s/audit_log_path_not_set/metadata.json
+++ b/assets/queries/k8s/audit_log_path_not_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "21d0f732",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/audit_policy_file_not_defined/metadata.json b/assets/queries/k8s/audit_policy_file_not_defined/metadata.json
index 283030cf66a..3ad6800c4bd 100644
--- a/assets/queries/k8s/audit_policy_file_not_defined/metadata.json
+++ b/assets/queries/k8s/audit_policy_file_not_defined/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "7ae0f3cb",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/audit_policy_not_cover_key_security_concerns/metadata.json b/assets/queries/k8s/audit_policy_not_cover_key_security_concerns/metadata.json
index 75490088e97..99088f92810 100644
--- a/assets/queries/k8s/audit_policy_not_cover_key_security_concerns/metadata.json
+++ b/assets/queries/k8s/audit_policy_not_cover_key_security_concerns/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/debug-application-cluster/audit/",
 "platform": "Kubernetes",
 "descriptionID": "4a720a0c",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/authorization_mode_node_not_set/metadata.json b/assets/queries/k8s/authorization_mode_node_not_set/metadata.json
index 5019aefcf21..b9bfc59c449 100644
--- a/assets/queries/k8s/authorization_mode_node_not_set/metadata.json
+++ b/assets/queries/k8s/authorization_mode_node_not_set/metadata.json
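Review bot: In `audit_policy_not_cover_key_security_concerns/metadata.json` the new `"cwe": "532"` is Insertion of Sensitive Information into Log File, which describes logging too much; going by the query name, the finding is an audit policy that records too little. The neighbouring `audit_policy_file_not_defined` hunk uses `"284"`, while the four `audit_log_*` hunks use `"778"` (Insufficient Logging) for the same kind of gap. I would set both audit-policy files to `"cwe": "778"` so that missing audit coverage groups under one weakness in reports. The rule bodies are not part of this patch, so this reading rests on the directory names and description URLs.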
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "1d944481",
- "cwe": ""
+ "cwe": "285"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/authorization_mode_rbac_not_set/metadata.json b/assets/queries/k8s/authorization_mode_rbac_not_set/metadata.json
index f47d35128c2..2ebcb0655c8 100644
--- a/assets/queries/k8s/authorization_mode_rbac_not_set/metadata.json
+++ b/assets/queries/k8s/authorization_mode_rbac_not_set/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "5298aafe",
- "cwe": "",
+ "cwe": "285",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/authorization_mode_set_to_always_allow/metadata.json b/assets/queries/k8s/authorization_mode_set_to_always_allow/metadata.json
index c86993faf71..73bbbbbd712 100644
--- a/assets/queries/k8s/authorization_mode_set_to_always_allow/metadata.json
+++ b/assets/queries/k8s/authorization_mode_set_to_always_allow/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "f5c66471",
- "cwe": "",
+ "cwe": "285",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/auto_tls_set_to_true/metadata.json b/assets/queries/k8s/auto_tls_set_to_true/metadata.json
index d816b3f230c..9fe7cc17dc9 100644
--- a/assets/queries/k8s/auto_tls_set_to_true/metadata.json
+++ b/assets/queries/k8s/auto_tls_set_to_true/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "81883f01",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/basic_auth_file_is_set/metadata.json b/assets/queries/k8s/basic_auth_file_is_set/metadata.json
index 6f43e3758dd..5332c4fcaeb 100644
--- a/assets/queries/k8s/basic_auth_file_is_set/metadata.json
+++ b/assets/queries/k8s/basic_auth_file_is_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "e021b84c",
- "cwe": ""
+ "cwe": "1390"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/bind_address_not_properly_set/metadata.json b/assets/queries/k8s/bind_address_not_properly_set/metadata.json
index f585fc14bdf..2d0896b9ad4 100644
--- a/assets/queries/k8s/bind_address_not_properly_set/metadata.json
+++ b/assets/queries/k8s/bind_address_not_properly_set/metadata.json
@@ -7,7 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/",
 "platform": "Kubernetes",
 "descriptionID": "b52844f2",
- "cwe": "",
+ "cwe": "710",
 "oldSeverity": "HIGH",
 "cloudProvider": "common"
 }
diff --git a/assets/queries/k8s/client_certificate_authentication_not_setup_properly/metadata.json b/assets/queries/k8s/client_certificate_authentication_not_setup_properly/metadata.json
index f59f402ac9f..ccc4e598e83 100644
--- a/assets/queries/k8s/client_certificate_authentication_not_setup_properly/metadata.json
+++ b/assets/queries/k8s/client_certificate_authentication_not_setup_properly/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
 "platform": "Kubernetes",
 "descriptionID": "78c11e53",
- "cwe": ""
+ "cwe": "1390"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cluster_admin_role_binding_with_super_user_permissions/metadata.json b/assets/queries/k8s/cluster_admin_role_binding_with_super_user_permissions/metadata.json
index ba2eadbdfeb..8a5be31ebb9 100644
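Review bot: `bind_address_not_properly_set/metadata.json` is tagged `"cwe": "710"`, Improper Adherence to Coding Standards, a catch-all that tells a triager nothing about the exposure behind the finding. CWE-1327, Binding to an Unrestricted IP Address, names the weakness directly, so `"cwe": "1327"` would be the more useful value. `insecure_bind_address_set` later in the patch is tagged `"665"` for what looks like the same kind of setting and could take the same id. This is inferred from the query names and the kube-controller-manager and kube-apiserver reference URLs; the rules themselves are outside the patch.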
--- a/assets/queries/k8s/cluster_admin_role_binding_with_super_user_permissions/metadata.json
+++ b/assets/queries/k8s/cluster_admin_role_binding_with_super_user_permissions/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
 "platform": "Kubernetes",
 "descriptionID": "567eee7e",
- "cwe": ""
+ "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cluster_allows_unsafe_sysctls/metadata.json b/assets/queries/k8s/cluster_allows_unsafe_sysctls/metadata.json
index 6138d0145f8..a3a7a82bbfc 100644
--- a/assets/queries/k8s/cluster_allows_unsafe_sysctls/metadata.json
+++ b/assets/queries/k8s/cluster_allows_unsafe_sysctls/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/",
 "platform": "Kubernetes",
 "descriptionID": "6eb994bc",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cni_plugin_does_not_support_network_policies/metadata.json b/assets/queries/k8s/cni_plugin_does_not_support_network_policies/metadata.json
index 20fbff33f58..10509e3adf4 100644
--- a/assets/queries/k8s/cni_plugin_does_not_support_network_policies/metadata.json
+++ b/assets/queries/k8s/cni_plugin_does_not_support_network_policies/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/",
 "platform": "Kubernetes",
 "descriptionID": "0e8d122c",
- "cwe": ""
+ "cwe": "923"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/container_is_privileged/metadata.json b/assets/queries/k8s/container_is_privileged/metadata.json
index a130656e0ea..239ce81b965 100644
--- a/assets/queries/k8s/container_is_privileged/metadata.json
+++ b/assets/queries/k8s/container_is_privileged/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/pods/#privileged-mode-for-containers",
 "platform": "Kubernetes",
 "descriptionID": "55f59030",
- "cwe": ""
+ "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/container_runs_unmasked/metadata.json b/assets/queries/k8s/container_runs_unmasked/metadata.json
index 6355ef9e6f5..a9acf405ad7 100644
--- a/assets/queries/k8s/container_runs_unmasked/metadata.json
+++ b/assets/queries/k8s/container_runs_unmasked/metadata.json
@@ -8,6 +8,6 @@
 "platform": "Kubernetes",
 "descriptionID": "50caf90a",
 "cloudProvider": "common",
- "cwe": "",
+ "cwe": "1188",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/containers_run_with_low_uid/metadata.json b/assets/queries/k8s/containers_run_with_low_uid/metadata.json
index e41eecd0b5d..608b09d40eb 100644
--- a/assets/queries/k8s/containers_run_with_low_uid/metadata.json
+++ b/assets/queries/k8s/containers_run_with_low_uid/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "fc2c11f9",
- "cwe": ""
+ "cwe": "1188"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/containers_running_as_root/metadata.json b/assets/queries/k8s/containers_running_as_root/metadata.json
index 76438a7ebfc..8236cafbdaf 100644
--- a/assets/queries/k8s/containers_running_as_root/metadata.json
+++ b/assets/queries/k8s/containers_running_as_root/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "9d5b1d16",
- "cwe": ""
+ "cwe": "1188"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/containers_with_added_capabilities/metadata.json b/assets/queries/k8s/containers_with_added_capabilities/metadata.json
index c6b8d00a84d..3c39b47a348 100644
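Review bot: The container-privilege queries end up split across two ids: `container_is_privileged` here and `containers_with_added_capabilities` in the next section get `"cwe": "269"`, while `containers_with_sys_admin_capabilities` gets `"250"`. All three names describe a workload running with more privilege than it needs, which is CWE-250 (Execution with Unnecessary Privileges); 269 is the broader privilege-management class. Using `"cwe": "250"` for all three would keep them together when results are grouped by CWE. Confirm against the rule bodies, which this patch does not show.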
--- a/assets/queries/k8s/containers_with_added_capabilities/metadata.json
+++ b/assets/queries/k8s/containers_with_added_capabilities/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "719acefd",
- "cwe": ""
+ "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/containers_with_sys_admin_capabilities/metadata.json b/assets/queries/k8s/containers_with_sys_admin_capabilities/metadata.json
index 21a2a61abc4..9b2dea74046 100644
--- a/assets/queries/k8s/containers_with_sys_admin_capabilities/metadata.json
+++ b/assets/queries/k8s/containers_with_sys_admin_capabilities/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "029aeb1d",
- "cwe": "",
+ "cwe": "250",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cpu_limits_not_set/metadata.json b/assets/queries/k8s/cpu_limits_not_set/metadata.json
index 479d9704b60..ab967892a9e 100644
--- a/assets/queries/k8s/cpu_limits_not_set/metadata.json
+++ b/assets/queries/k8s/cpu_limits_not_set/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
 "platform": "Kubernetes",
 "descriptionID": "9a2ef763",
- "cwe": "",
+ "cwe": "400",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cpu_requests_not_set/metadata.json b/assets/queries/k8s/cpu_requests_not_set/metadata.json
index ccb66a3e598..f0f664e6b0d 100644
--- a/assets/queries/k8s/cpu_requests_not_set/metadata.json
+++ b/assets/queries/k8s/cpu_requests_not_set/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#",
 "platform": "Kubernetes",
 "descriptionID": "ac7ad5df",
- "cwe": "",
+ "cwe": "400",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cronjob_deadline_not_configured/metadata.json b/assets/queries/k8s/cronjob_deadline_not_configured/metadata.json
index 95afa7992ca..40b43f435f8 100644
--- a/assets/queries/k8s/cronjob_deadline_not_configured/metadata.json
+++ b/assets/queries/k8s/cronjob_deadline_not_configured/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/",
 "platform": "Kubernetes",
 "descriptionID": "285952e5",
- "cwe": ""
+ "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/dashboard_is_enabled/metadata.json b/assets/queries/k8s/dashboard_is_enabled/metadata.json
index 678827c9bce..48b77858a41 100644
--- a/assets/queries/k8s/dashboard_is_enabled/metadata.json
+++ b/assets/queries/k8s/dashboard_is_enabled/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/",
 "platform": "Kubernetes",
 "descriptionID": "ad0e6a8d",
- "cwe": ""
+ "cwe": "779"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/deployment_has_no_pod_anti_affinity/metadata.json b/assets/queries/k8s/deployment_has_no_pod_anti_affinity/metadata.json
index 27a0e9ae82c..eae582c7804 100644
--- a/assets/queries/k8s/deployment_has_no_pod_anti_affinity/metadata.json
+++ b/assets/queries/k8s/deployment_has_no_pod_anti_affinity/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/",
 "platform": "Kubernetes",
 "descriptionID": "22146f41",
- "cwe": ""
+ "cwe": "710"
 }
\ No newline at end of file
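Review bot: `dashboard_is_enabled/metadata.json` gets `"cwe": "779"`, which is Logging of Excessive Data and has no evident relation to an enabled web dashboard. The same value is given to `ingress_controller_exposes_workload` further down. Both names describe a service reachable by more parties than intended, for which this patch already uses `"cwe": "668"` in `docker_daemon_socket_is_exposed_to_containers`; that id looks like the better fit for these two as well. The rule bodies are not in the patch, so check the choice against them.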
diff --git a/assets/queries/k8s/deployment_without_pod_disruption_budget/metadata.json b/assets/queries/k8s/deployment_without_pod_disruption_budget/metadata.json
index 4664515472a..9fbe773086d 100644
--- a/assets/queries/k8s/deployment_without_pod_disruption_budget/metadata.json
+++ b/assets/queries/k8s/deployment_without_pod_disruption_budget/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/run-application/configure-pdb/",
 "platform": "Kubernetes",
 "descriptionID": "df941cb9",
- "cwe": ""
+ "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/metadata.json b/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/metadata.json
index e0b5500ecbd..be299121a8a 100644
--- a/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/metadata.json
+++ b/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/storage/volumes/",
 "platform": "Kubernetes",
 "descriptionID": "0865e6f6",
- "cwe": "",
+ "cwe": "668",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/encryption_provider_config_is_not_defined/metadata.json b/assets/queries/k8s/encryption_provider_config_is_not_defined/metadata.json
index 96b5145a8a7..d3ff58e3115 100644
--- a/assets/queries/k8s/encryption_provider_config_is_not_defined/metadata.json
+++ b/assets/queries/k8s/encryption_provider_config_is_not_defined/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "c018594c",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/encryption_provider_not_properly_configured/metadata.json b/assets/queries/k8s/encryption_provider_not_properly_configured/metadata.json
index 14b6dcb33aa..83cdaca13a8 100644
--- a/assets/queries/k8s/encryption_provider_not_properly_configured/metadata.json
+++ b/assets/queries/k8s/encryption_provider_not_properly_configured/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#understanding-the-encryption-at-rest-configuration",
 "platform": "Kubernetes",
 "descriptionID": "c60a5ece",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/ensure_administrative_boundaries_between_resources/metadata.json b/assets/queries/k8s/ensure_administrative_boundaries_between_resources/metadata.json
index fcf44f4af25..79a4def83f5 100644
--- a/assets/queries/k8s/ensure_administrative_boundaries_between_resources/metadata.json
+++ b/assets/queries/k8s/ensure_administrative_boundaries_between_resources/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/",
 "platform": "Kubernetes",
 "descriptionID": "8182d7cf",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_client_certificate_authentication_set_to_false/metadata.json b/assets/queries/k8s/etcd_client_certificate_authentication_set_to_false/metadata.json
index 8a9a1317371..9e2502ac0a7 100644
--- a/assets/queries/k8s/etcd_client_certificate_authentication_set_to_false/metadata.json
+++ b/assets/queries/k8s/etcd_client_certificate_authentication_set_to_false/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "e79812fb",
- "cwe": ""
+ "cwe": "287"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_client_certificate_file_not_defined/metadata.json b/assets/queries/k8s/etcd_client_certificate_file_not_defined/metadata.json
index 3db625c5c3a..134f9f29a0d 100644
--- a/assets/queries/k8s/etcd_client_certificate_file_not_defined/metadata.json
+++ b/assets/queries/k8s/etcd_client_certificate_file_not_defined/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "f385527b",
- "cwe": ""
+ "cwe": "287"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_peer_client_certificate_authentication_set_to_false/metadata.json b/assets/queries/k8s/etcd_peer_client_certificate_authentication_set_to_false/metadata.json
index 1a0e9e42b10..13fd9e85c6f 100644
--- a/assets/queries/k8s/etcd_peer_client_certificate_authentication_set_to_false/metadata.json
+++ b/assets/queries/k8s/etcd_peer_client_certificate_authentication_set_to_false/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "00b0e7f2",
- "cwe": ""
+ "cwe": "287"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_peer_tls_certificate_files_not_properly_set/metadata.json b/assets/queries/k8s/etcd_peer_tls_certificate_files_not_properly_set/metadata.json
index 8c10d1be5de..1e0ad5ab2d8 100644
--- a/assets/queries/k8s/etcd_peer_tls_certificate_files_not_properly_set/metadata.json
+++ b/assets/queries/k8s/etcd_peer_tls_certificate_files_not_properly_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "f3bb5a8e",
- "cwe": ""
+ "cwe": "287"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/metadata.json b/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/metadata.json
index f4b075d35a5..2048734fa1b 100644
--- a/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/metadata.json
+++ b/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "3c8aae35",
- "cwe": "",
+ "cwe": "287",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/metadata.json b/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/metadata.json
index fd7d71f6cbf..0eb854df3d1 100644
--- a/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/metadata.json
+++ b/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "073667d8",
- "cwe": "",
+ "cwe": "287",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/event_rate_limit_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/event_rate_limit_admission_control_plugin_not_set/metadata.json
index ebe979e5d4a..7f19a069e2a 100644
--- a/assets/queries/k8s/event_rate_limit_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/event_rate_limit_admission_control_plugin_not_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "3cc9eca8",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/metadata.json b/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/metadata.json
index 2b75a4f907e..9d8fe30127f 100644
--- a/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/metadata.json
+++ b/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/",
 "platform": "Kubernetes",
 "descriptionID": "3ccc5d6c",
- "cwe": "",
+ "cwe": "400",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/hpa_targets_invalid_object/metadata.json b/assets/queries/k8s/hpa_targets_invalid_object/metadata.json
index f0e0d12b480..5d79404153e 100644
--- a/assets/queries/k8s/hpa_targets_invalid_object/metadata.json
+++ b/assets/queries/k8s/hpa_targets_invalid_object/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/",
 "platform": "Kubernetes",
 "descriptionID": "450f7251",
- "cwe": ""
+ "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/image_policy_webhook_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/image_policy_webhook_admission_control_plugin_not_set/metadata.json
index 14a0e742f02..c7ee725d7d1 100644
--- a/assets/queries/k8s/image_policy_webhook_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/image_policy_webhook_admission_control_plugin_not_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "7e7fe5b6",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/image_pull_policy_of_container_is_not_always/metadata.json b/assets/queries/k8s/image_pull_policy_of_container_is_not_always/metadata.json
index 787c30dfff5..55a5674d1e1 100644
--- a/assets/queries/k8s/image_pull_policy_of_container_is_not_always/metadata.json
+++ b/assets/queries/k8s/image_pull_policy_of_container_is_not_always/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/#updating-images",
 "platform": "Kubernetes",
 "descriptionID": "201e3c8d",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/image_without_digest/metadata.json b/assets/queries/k8s/image_without_digest/metadata.json
index 5506b5dd7f5..b602eaab35c 100644
--- a/assets/queries/k8s/image_without_digest/metadata.json
+++ b/assets/queries/k8s/image_without_digest/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/#updating-images",
 "platform": "Kubernetes",
 "descriptionID": "3f9f8d78",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/incorrect_volume_claim_access_mode_read_write_once/metadata.json b/assets/queries/k8s/incorrect_volume_claim_access_mode_read_write_once/metadata.json
index 631407918f1..c22306d3660 100644
--- a/assets/queries/k8s/incorrect_volume_claim_access_mode_read_write_once/metadata.json
+++ b/assets/queries/k8s/incorrect_volume_claim_access_mode_read_write_once/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/",
 "platform": "Kubernetes",
 "descriptionID": "f4e48914",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/ingress_controller_exposes_workload/metadata.json b/assets/queries/k8s/ingress_controller_exposes_workload/metadata.json
index 3b867f74144..1b7d83d3d47 100644
--- a/assets/queries/k8s/ingress_controller_exposes_workload/metadata.json
+++ b/assets/queries/k8s/ingress_controller_exposes_workload/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/",
 "platform": "Kubernetes",
 "descriptionID": "7db90ca7",
- "cwe": ""
+ "cwe": "779"
 }
\ No newline at end of file
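Review bot: `image_without_digest/metadata.json` is tagged `"cwe": "665"`, Improper Initialization, which does not describe referencing an image by a mutable tag. The risk in that query's name is that the content behind the reference can change without detection, which is CWE-494 (Download of Code Without Integrity Check); `"cwe": "494"` would fit, or `"829"` to match `always_pull_images_admission_control_plugin_not_set` earlier in this patch. `image_pull_policy_of_container_is_not_always` just above and `invalid_image` further down carry the same `"665"` and deserve the same second look.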
diff --git a/assets/queries/k8s/insecure_bind_address_set/metadata.json b/assets/queries/k8s/insecure_bind_address_set/metadata.json
index f42d855967c..fd69e276b34 100644
--- a/assets/queries/k8s/insecure_bind_address_set/metadata.json
+++ b/assets/queries/k8s/insecure_bind_address_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "5b1eb26c",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/insecure_port_not_properly_set/metadata.json b/assets/queries/k8s/insecure_port_not_properly_set/metadata.json
index f61d70836e6..4fb4c56ee0d 100644
--- a/assets/queries/k8s/insecure_port_not_properly_set/metadata.json
+++ b/assets/queries/k8s/insecure_port_not_properly_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "d9e178b1",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/invalid_image/metadata.json b/assets/queries/k8s/invalid_image/metadata.json
index 2fe210d3bae..35f06d132bd 100644
--- a/assets/queries/k8s/invalid_image/metadata.json
+++ b/assets/queries/k8s/invalid_image/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/#updating-images",
 "platform": "Kubernetes",
 "descriptionID": "30154626",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_certificate_authority_not_set/metadata.json b/assets/queries/k8s/kubelet_certificate_authority_not_set/metadata.json
index d671a0ae080..ec055b26936 100644
--- a/assets/queries/k8s/kubelet_certificate_authority_not_set/metadata.json
+++ b/assets/queries/k8s/kubelet_certificate_authority_not_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "ce08eb5d",
- "cwe": ""
+ "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_client_certificate_or_key_not_set/metadata.json b/assets/queries/k8s/kubelet_client_certificate_or_key_not_set/metadata.json
index 87a6f35779d..11cfa0e45cf 100644
--- a/assets/queries/k8s/kubelet_client_certificate_or_key_not_set/metadata.json
+++ b/assets/queries/k8s/kubelet_client_certificate_or_key_not_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "0f0e2ae7",
- "cwe": ""
+ "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_client_periodic_certificate_switch_disabled/metadata.json b/assets/queries/k8s/kubelet_client_periodic_certificate_switch_disabled/metadata.json
index 56e486ec617..06580967f9a 100644
--- a/assets/queries/k8s/kubelet_client_periodic_certificate_switch_disabled/metadata.json
+++ b/assets/queries/k8s/kubelet_client_periodic_certificate_switch_disabled/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "1a17c91a",
- "cwe": ""
+ "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_event_qps_not_properly_set/metadata.json b/assets/queries/k8s/kubelet_event_qps_not_properly_set/metadata.json
index bbaf8d150d6..68f50a07f10 100644
--- a/assets/queries/k8s/kubelet_event_qps_not_properly_set/metadata.json
+++ b/assets/queries/k8s/kubelet_event_qps_not_properly_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
 "platform": "Kubernetes",
 "descriptionID": "3163b76e",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_hostname_override_is_set/metadata.json b/assets/queries/k8s/kubelet_hostname_override_is_set/metadata.json
index 5310f3e07e5..b65bcb1ae68 100644
--- a/assets/queries/k8s/kubelet_hostname_override_is_set/metadata.json
+++ b/assets/queries/k8s/kubelet_hostname_override_is_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
 "platform": "Kubernetes",
 "descriptionID": "a3adb557",
- "cwe": ""
+ "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_https_set_to_false/metadata.json b/assets/queries/k8s/kubelet_https_set_to_false/metadata.json
index c6839627940..7c077a2bfcd 100644
--- a/assets/queries/k8s/kubelet_https_set_to_false/metadata.json
+++ b/assets/queries/k8s/kubelet_https_set_to_false/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "754a303a",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_not_managing_ip_tables/metadata.json b/assets/queries/k8s/kubelet_not_managing_ip_tables/metadata.json
index 07ee03bf7fb..28bf1120e0c 100644
--- a/assets/queries/k8s/kubelet_not_managing_ip_tables/metadata.json
+++ b/assets/queries/k8s/kubelet_not_managing_ip_tables/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "1bd198ea",
- "cwe": ""
+ "cwe": "924"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_protect_kernel_defaults_set_to_false/metadata.json b/assets/queries/k8s/kubelet_protect_kernel_defaults_set_to_false/metadata.json
index 422ff1a2a22..07c125783ca 100644
--- a/assets/queries/k8s/kubelet_protect_kernel_defaults_set_to_false/metadata.json
+++ b/assets/queries/k8s/kubelet_protect_kernel_defaults_set_to_false/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
 "platform": "Kubernetes",
 "descriptionID": "e3a4b35d",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_read_only_port_is_not_set_to_zero/metadata.json b/assets/queries/k8s/kubelet_read_only_port_is_not_set_to_zero/metadata.json
index 1925af0b2cc..6d915f59f4a 100644
--- a/assets/queries/k8s/kubelet_read_only_port_is_not_set_to_zero/metadata.json
+++ b/assets/queries/k8s/kubelet_read_only_port_is_not_set_to_zero/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "8cedc17d",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_streaming_connection_timeout_disabled/metadata.json b/assets/queries/k8s/kubelet_streaming_connection_timeout_disabled/metadata.json
index f9f16ed8b4b..0053ae4e695 100644
--- a/assets/queries/k8s/kubelet_streaming_connection_timeout_disabled/metadata.json
+++ b/assets/queries/k8s/kubelet_streaming_connection_timeout_disabled/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "f0a2431d",
- "cwe": ""
+ "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/liveness_probe_is_not_defined/metadata.json b/assets/queries/k8s/liveness_probe_is_not_defined/metadata.json
index e63c7ec6f63..73087b3a46d 100644
--- a/assets/queries/k8s/liveness_probe_is_not_defined/metadata.json
+++ b/assets/queries/k8s/liveness_probe_is_not_defined/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#when-should-you-use-a-liveness-probe",
 "platform": "Kubernetes",
 "descriptionID": "f724fa60",
- "cwe": "",
+ "cwe": "754",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/memory_limits_not_defined/metadata.json b/assets/queries/k8s/memory_limits_not_defined/metadata.json
index 96d5f38e39e..e054ae40f2e 100644
--- a/assets/queries/k8s/memory_limits_not_defined/metadata.json
+++ b/assets/queries/k8s/memory_limits_not_defined/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/",
 "platform": "Kubernetes",
 "descriptionID": "e0ba95cc",
- "cwe": ""
+ "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/memory_requests_not_defined/metadata.json b/assets/queries/k8s/memory_requests_not_defined/metadata.json
index 687665254f9..e95e5c7201b 100644
--- a/assets/queries/k8s/memory_requests_not_defined/metadata.json
+++ b/assets/queries/k8s/memory_requests_not_defined/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/",
 "platform": "Kubernetes",
 "descriptionID": "3dcbd683",
- "cwe": ""
+ "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/metadata_label_is_invalid/metadata.json b/assets/queries/k8s/metadata_label_is_invalid/metadata.json
index a784edaa6ad..25a5bd6e014 100644
--- a/assets/queries/k8s/metadata_label_is_invalid/metadata.json
+++ b/assets/queries/k8s/metadata_label_is_invalid/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/",
 "platform": "Kubernetes",
 "descriptionID": "a6921416",
- "cwe": "",
+ "cwe": "710",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/missing_app_armor_config/metadata.json b/assets/queries/k8s/missing_app_armor_config/metadata.json
index 5e5a955b025..b7a61e60707 100644
--- a/assets/queries/k8s/missing_app_armor_config/metadata.json
+++ b/assets/queries/k8s/missing_app_armor_config/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tutorials/clusters/apparmor/",
 "platform": "Kubernetes",
 "descriptionID": "59c17c0a",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/namespace_lifecycle_admission_control_plugin_disabled/metadata.json b/assets/queries/k8s/namespace_lifecycle_admission_control_plugin_disabled/metadata.json
index f805db2db65..57d1348201d 100644
--- a/assets/queries/k8s/namespace_lifecycle_admission_control_plugin_disabled/metadata.json
+++ b/assets/queries/k8s/namespace_lifecycle_admission_control_plugin_disabled/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "13e94c89",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/net_raw_capabilities_disabled_for_psp/metadata.json b/assets/queries/k8s/net_raw_capabilities_disabled_for_psp/metadata.json
index 76ab29786ac..174683716e9 100644
--- a/assets/queries/k8s/net_raw_capabilities_disabled_for_psp/metadata.json
+++ b/assets/queries/k8s/net_raw_capabilities_disabled_for_psp/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "e72d5579",
- "cwe": ""
+ "cwe": "250"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/net_raw_capabilities_not_being_dropped/metadata.json b/assets/queries/k8s/net_raw_capabilities_not_being_dropped/metadata.json
index 1d3bcaa1dbd..090df65e12a 100644
--- a/assets/queries/k8s/net_raw_capabilities_not_being_dropped/metadata.json
+++ b/assets/queries/k8s/net_raw_capabilities_not_being_dropped/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "e9790956",
- "cwe": ""
+ "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/network_policy_is_not_targeting_any_pod/metadata.json b/assets/queries/k8s/network_policy_is_not_targeting_any_pod/metadata.json
index 62497db940e..1c44a0fd1ff 100644
--- a/assets/queries/k8s/network_policy_is_not_targeting_any_pod/metadata.json
+++ b/assets/queries/k8s/network_policy_is_not_targeting_any_pod/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/network-policies/",
 "platform": "Kubernetes",
 "descriptionID": "be3c67e3",
- "cwe": "",
+ "cwe": "665",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/no_drop_capabilities_for_containers/metadata.json b/assets/queries/k8s/no_drop_capabilities_for_containers/metadata.json
index 00ac4ab97a7..e056e20ef22 100644
--- a/assets/queries/k8s/no_drop_capabilities_for_containers/metadata.json
+++ b/assets/queries/k8s/no_drop_capabilities_for_containers/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/pods/init-containers/",
 "platform": "Kubernetes",
 "descriptionID": "9d3ca6db",
- "cwe": ""
+ "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/metadata.json
index 4a6f4a6357a..65284a6d5b3 100644
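Review bot: `"cwe": "754"` in no_drop_capabilities_for_containers/metadata.json maps a missing capability drop to CWE-754 (Improper Check for Unusual or Exceptional Conditions), while the neighbouring net_raw_capabilities_not_being_dropped hunk uses 269 and the PSP capability queries in this patch use 250. Pick one of those here, e.g. `"cwe": "250"` (Execution with Unnecessary Privileges), so the capability findings group together. The not_limited_capabilities_for_pod_security_policy hunk has a similar mismatch with `"cwe": "770"`, a resource-allocation weakness; Linux capabilities are privileges, so 250 would match psp_with_added_capabilities.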
--- a/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "2a03f1ec",
- "cwe": "",
+ "cwe": "269",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/non_kube_system_pod_with_host_mount/metadata.json b/assets/queries/k8s/non_kube_system_pod_with_host_mount/metadata.json
index 128ccd92e9b..394a4e188f0 100644
--- a/assets/queries/k8s/non_kube_system_pod_with_host_mount/metadata.json
+++ b/assets/queries/k8s/non_kube_system_pod_with_host_mount/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/storage/volumes/",
 "platform": "Kubernetes",
 "descriptionID": "e8553157",
- "cwe": "",
+ "cwe": "668",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/metadata.json b/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/metadata.json
index ec424e53baf..843ae46b455 100644
--- a/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/metadata.json
+++ b/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "eaf6d4ba",
- "cwe": "",
+ "cwe": "770",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/not_unique_certificate_authority/metadata.json b/assets/queries/k8s/not_unique_certificate_authority/metadata.json
index aec91b01c71..a808ba4c89b 100644
--- a/assets/queries/k8s/not_unique_certificate_authority/metadata.json
+++ b/assets/queries/k8s/not_unique_certificate_authority/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "d2c6c9e8",
- "cwe": ""
+ "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/object_is_using_a_deprecated_api_version/metadata.json b/assets/queries/k8s/object_is_using_a_deprecated_api_version/metadata.json
index 9732ac263b2..89221bf75ec 100644
--- a/assets/queries/k8s/object_is_using_a_deprecated_api_version/metadata.json
+++ b/assets/queries/k8s/object_is_using_a_deprecated_api_version/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/using-api/deprecation-guide/",
 "platform": "Kubernetes",
 "descriptionID": "d5c30c5b",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json b/assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json
index 8cae0b8c753..cc23fb969c6 100644
--- a/assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json
+++ b/assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "02a0a4d9",
- "cwe": "",
+ "cwe": "295",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/permissive_access_to_create_pods/metadata.json b/assets/queries/k8s/permissive_access_to_create_pods/metadata.json
index 8edd32e8b4a..1e31ba183af 100644
--- a/assets/queries/k8s/permissive_access_to_create_pods/metadata.json
+++ b/assets/queries/k8s/permissive_access_to_create_pods/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping",
 "platform": "Kubernetes",
 "descriptionID": "c78cb1a7",
- "cwe": ""
+ "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_misconfigured_network_policy/metadata.json b/assets/queries/k8s/pod_misconfigured_network_policy/metadata.json
index 94758b58714..939b0279f22 100644
--- a/assets/queries/k8s/pod_misconfigured_network_policy/metadata.json
+++ b/assets/queries/k8s/pod_misconfigured_network_policy/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/network-policies/",
 "platform": "Kubernetes",
 "descriptionID": "20500552",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_or_container_without_limit_range/metadata.json b/assets/queries/k8s/pod_or_container_without_limit_range/metadata.json
index f2dff7cda6f..e12fde195df 100644
--- a/assets/queries/k8s/pod_or_container_without_limit_range/metadata.json
+++ b/assets/queries/k8s/pod_or_container_without_limit_range/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/limit-range/",
 "platform": "Kubernetes",
 "descriptionID": "142ed21f",
- "cwe": ""
+ "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_or_container_without_resource_quota/metadata.json b/assets/queries/k8s/pod_or_container_without_resource_quota/metadata.json
index d09ed8185b6..88820c05cf5 100644
--- a/assets/queries/k8s/pod_or_container_without_resource_quota/metadata.json
+++ b/assets/queries/k8s/pod_or_container_without_resource_quota/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/resource-quotas/",
 "platform": "Kubernetes",
 "descriptionID": "86499ed5",
- "cwe": ""
+ "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_or_container_without_security_context/metadata.json b/assets/queries/k8s/pod_or_container_without_security_context/metadata.json
index 12b570428ae..5196d61aef6 100644
--- a/assets/queries/k8s/pod_or_container_without_security_context/metadata.json
+++ b/assets/queries/k8s/pod_or_container_without_security_context/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "68a1650b",
- "cwe": ""
+ "cwe": "285"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_security_policy_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/pod_security_policy_admission_control_plugin_not_set/metadata.json
index 981ed27d238..cdb19443cb4 100644
--- a/assets/queries/k8s/pod_security_policy_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/pod_security_policy_admission_control_plugin_not_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "5b3d44e9",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/privilege_escalation_allowed/metadata.json b/assets/queries/k8s/privilege_escalation_allowed/metadata.json
index 2ad1753f73d..4f96b24e8a1 100644
--- a/assets/queries/k8s/privilege_escalation_allowed/metadata.json
+++ b/assets/queries/k8s/privilege_escalation_allowed/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "525fccf4",
- "cwe": ""
+ "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/profiling_not_set_to_false/metadata.json b/assets/queries/k8s/profiling_not_set_to_false/metadata.json
index 44bb31663ed..aef0d1d1e49 100644
--- a/assets/queries/k8s/profiling_not_set_to_false/metadata.json
+++ b/assets/queries/k8s/profiling_not_set_to_false/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "622a1db7",
- "cwe": ""
+ "cwe": "779"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_allows_privilege_escalation/metadata.json b/assets/queries/k8s/psp_allows_privilege_escalation/metadata.json
index ba516644fa0..7b20371d763 100644
--- a/assets/queries/k8s/psp_allows_privilege_escalation/metadata.json
+++ b/assets/queries/k8s/psp_allows_privilege_escalation/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "d7c5e3ad",
- "cwe": "",
+ "cwe": "269",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json b/assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json
index 9bf4cb111b8..deadc048199 100644
--- a/assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json
+++ b/assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "329be51b",
- "cwe": "",
+ "cwe": "250",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json b/assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json
index 30c875fe3a4..590525bf756 100644
--- a/assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json
+++ b/assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "980c2b40",
- "cwe": ""
+ "cwe": "250"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_containers_share_host_network_namespace/metadata.json b/assets/queries/k8s/psp_containers_share_host_network_namespace/metadata.json
index 067cf8cf147..2df105f5f8c 100644
--- a/assets/queries/k8s/psp_containers_share_host_network_namespace/metadata.json
+++ b/assets/queries/k8s/psp_containers_share_host_network_namespace/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "4b468f08",
- "cwe": ""
+ "cwe": "250"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_set_to_privileged/metadata.json b/assets/queries/k8s/psp_set_to_privileged/metadata.json
index ee7bad1d94f..183cf3a7d28 100644
--- a/assets/queries/k8s/psp_set_to_privileged/metadata.json
+++ b/assets/queries/k8s/psp_set_to_privileged/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod_security_policy#privileged",
 "platform": "Kubernetes",
 "descriptionID": "11a8da07",
- "cwe": "",
+ "cwe": "732",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_with_added_capabilities/metadata.json b/assets/queries/k8s/psp_with_added_capabilities/metadata.json
index ac3388dd41a..a49a78e2138 100644
--- a/assets/queries/k8s/psp_with_added_capabilities/metadata.json
+++ b/assets/queries/k8s/psp_with_added_capabilities/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "2889da19",
- "cwe": "",
+ "cwe": "250",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_with_unrestricted_access_to_host_path/metadata.json b/assets/queries/k8s/psp_with_unrestricted_access_to_host_path/metadata.json
index afcc4e17a5c..55467330d51 100644
--- a/assets/queries/k8s/psp_with_unrestricted_access_to_host_path/metadata.json
+++ b/assets/queries/k8s/psp_with_unrestricted_access_to_host_path/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems",
 "platform": "Kubernetes",
 "descriptionID": "fc4b7215",
- "cwe": ""
+ "cwe": "250"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_allow_privilege_escalation/metadata.json b/assets/queries/k8s/rbac_roles_allow_privilege_escalation/metadata.json
index 404f9095fc5..6c1bb5df559 100644
--- a/assets/queries/k8s/rbac_roles_allow_privilege_escalation/metadata.json
+++ b/assets/queries/k8s/rbac_roles_allow_privilege_escalation/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/#restrictions-on-role-binding-creation-or-update",
 "platform": "Kubernetes",
 "descriptionID": "8320826e",
- "cwe": ""
+ "cwe": "288"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_attach_permission/metadata.json b/assets/queries/k8s/rbac_roles_with_attach_permission/metadata.json
index f9601752036..1f2bcf147b3 100644
--- a/assets/queries/k8s/rbac_roles_with_attach_permission/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_attach_permission/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "d45330fd",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_exec_permission/metadata.json b/assets/queries/k8s/rbac_roles_with_exec_permission/metadata.json
index a561ba130c5..6938271ee9c 100644
--- a/assets/queries/k8s/rbac_roles_with_exec_permission/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_exec_permission/metadata.json
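Review bot: `"cwe": "288"` in rbac_roles_allow_privilege_escalation/metadata.json is CWE-288, Authentication Bypass Using an Alternate Path or Channel, but the query name and its description URL concern RBAC roles that permit privilege escalation, not authentication. The other privilege-escalation queries in this patch (privilege_escalation_allowed, psp_allows_privilege_escalation, permissive_access_to_create_pods) use `"cwe": "269"`. Use the same id here so related findings group together in CWE-based reports.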
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "c589f42c",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_impersonate_permission/metadata.json b/assets/queries/k8s/rbac_roles_with_impersonate_permission/metadata.json
index aad87cb211b..1db35ee2b8c 100644
--- a/assets/queries/k8s/rbac_roles_with_impersonate_permission/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_impersonate_permission/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation",
 "platform": "Kubernetes",
 "descriptionID": "9f85c3f6",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_portforwarding_permissions/metadata.json b/assets/queries/k8s/rbac_roles_with_portforwarding_permissions/metadata.json
index 2aa19c28e68..eef15e9487b 100644
--- a/assets/queries/k8s/rbac_roles_with_portforwarding_permissions/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_portforwarding_permissions/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "38fa11ef",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_read_secrets_permissions/metadata.json b/assets/queries/k8s/rbac_roles_with_read_secrets_permissions/metadata.json
index efdfc0b7e28..c1ff7129cd9 100644
--- a/assets/queries/k8s/rbac_roles_with_read_secrets_permissions/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_read_secrets_permissions/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "ca97f029",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_wildcard_in_rule/metadata.json b/assets/queries/k8s/rbac_wildcard_in_rule/metadata.json
index 0068d6b35ba..f83fb016f32 100644
--- a/assets/queries/k8s/rbac_wildcard_in_rule/metadata.json
+++ b/assets/queries/k8s/rbac_wildcard_in_rule/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "ccf4e279",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/readiness_probe_is_not_configured/metadata.json b/assets/queries/k8s/readiness_probe_is_not_configured/metadata.json
index 6e601c8fc82..13081fe78b3 100644
--- a/assets/queries/k8s/readiness_probe_is_not_configured/metadata.json
+++ b/assets/queries/k8s/readiness_probe_is_not_configured/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes",
 "platform": "Kubernetes",
 "descriptionID": "28c0498a",
- "cwe": ""
+ "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/request_timeout_not_properly_set/metadata.json b/assets/queries/k8s/request_timeout_not_properly_set/metadata.json
index 6d09f4edb80..031898d5d35 100644
--- a/assets/queries/k8s/request_timeout_not_properly_set/metadata.json
+++ b/assets/queries/k8s/request_timeout_not_properly_set/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "592c7cba",
- "cwe": ""
+ "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/role_binding_to_default_service_account/metadata.json b/assets/queries/k8s/role_binding_to_default_service_account/metadata.json
index d888299185f..26f78a9eec4 100644
--- a/assets/queries/k8s/role_binding_to_default_service_account/metadata.json
+++ b/assets/queries/k8s/role_binding_to_default_service_account/metadata.json
@@ -7,6 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/",
 "platform": "Kubernetes",
 "descriptionID": "9879e8c2",
- "cwe": "",
+ "cwe": "665",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/root_ca_file_not_defined/metadata.json b/assets/queries/k8s/root_ca_file_not_defined/metadata.json
index a9f542b7b6f..843d13f1d37 100644
--- a/assets/queries/k8s/root_ca_file_not_defined/metadata.json
+++ b/assets/queries/k8s/root_ca_file_not_defined/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/",
 "platform": "Kubernetes",
 "descriptionID": "7d439960",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/root_container_not_mounted_as_read_only/metadata.json b/assets/queries/k8s/root_container_not_mounted_as_read_only/metadata.json
index a61e5811ba4..a4e1bae45b9 100644
--- a/assets/queries/k8s/root_container_not_mounted_as_read_only/metadata.json
+++ b/assets/queries/k8s/root_container_not_mounted_as_read_only/metadata.json
@@ -3,9 +3,9 @@
 "queryName": "Root Container Not Mounted Read-only",
 "severity": "LOW",
 "category": "Build Process",
- "descriptionText": "Check if the root container filesystem is not being mounted read-only.",
+ "descriptionText": "Check if the root container filesystem is not being mounted as read-only.",
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "0d2df1e5",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/root_containers_admitted/metadata.json b/assets/queries/k8s/root_containers_admitted/metadata.json
index d36908c1fd4..6ee442afb68 100644
--- a/assets/queries/k8s/root_containers_admitted/metadata.json
+++ b/assets/queries/k8s/root_containers_admitted/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "2fe54446",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rotate_kubelet_server_certificate_not_active/metadata.json b/assets/queries/k8s/rotate_kubelet_server_certificate_not_active/metadata.json
index 54535359123..563c33bae94 100644
--- a/assets/queries/k8s/rotate_kubelet_server_certificate_not_active/metadata.json
+++ b/assets/queries/k8s/rotate_kubelet_server_certificate_not_active/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "a4f48785",
- "cwe": ""
+ "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/seccomp_profile_is_not_configured/metadata.json b/assets/queries/k8s/seccomp_profile_is_not_configured/metadata.json
index a191c80d192..91871af9f4b 100644
--- a/assets/queries/k8s/seccomp_profile_is_not_configured/metadata.json
+++ b/assets/queries/k8s/seccomp_profile_is_not_configured/metadata.json
@@ -7,5 +7,5 @@
 "descriptionUrl": "https://kubernetes.io/docs/tutorials/security/seccomp/#create-pod-that-uses-the-container-runtime-default-seccomp-profile",
 "platform": "Kubernetes",
 "descriptionID": "d943c7e7",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/secrets_as_environment_variables/metadata.json b/assets/queries/k8s/secrets_as_environment_variables/metadata.json
index a1febee3e68..05b6c4736f1 100644
--- a/assets/queries/k8s/secrets_as_environment_variables/metadata.json
+++ b/assets/queries/k8s/secrets_as_environment_variables/metadata.json
@@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables", "platform": "Kubernetes", "descriptionID": "99365a7d", - "cwe": "" + "cwe": "526" } \ No newline at end of file diff --git a/assets/queries/k8s/secure_port_set_to_zero/metadata.json b/assets/queries/k8s/secure_port_set_to_zero/metadata.json index 47ed9880f59..f90a251bece 100644 --- a/assets/queries/k8s/secure_port_set_to_zero/metadata.json +++ b/assets/queries/k8s/secure_port_set_to_zero/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "adf24d20", - "cwe": "" + "cwe": "665" } \ No newline at end of file diff --git a/assets/queries/k8s/security_context_deny_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/security_context_deny_admission_control_plugin_not_set/metadata.json index 130d78f848f..51b67b3b9b5 100644 --- a/assets/queries/k8s/security_context_deny_admission_control_plugin_not_set/metadata.json +++ b/assets/queries/k8s/security_context_deny_admission_control_plugin_not_set/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "571f15ee", - "cwe": "" + "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/k8s/service_account_admission_control_plugin_disabled/metadata.json b/assets/queries/k8s/service_account_admission_control_plugin_disabled/metadata.json index d763f86eb12..014a446f8d5 100644 --- a/assets/queries/k8s/service_account_admission_control_plugin_disabled/metadata.json +++ b/assets/queries/k8s/service_account_admission_control_plugin_disabled/metadata.json 
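Review bot: `"cwe": "665"` (Improper Initialization) in secure_port_set_to_zero/metadata.json is the same value this series gives to unrelated findings, among them seccomp_profile_is_not_configured, service_account_token_automount_not_disabled, service_type_is_nodeport, using_unrecommended_namespace and workload_host_port_not_specified. With one id covering all of them, the field cannot be used to group or prioritise results. This query concerns the port kube-apiserver serves HTTPS on, so `"cwe": "319"` (Cleartext Transmission of Sensitive Information) would say more to whoever triages the finding. The other 665 entries deserve the same per-query look.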
@@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "3649a726", - "cwe": "" + "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/k8s/service_account_allows_access_secrets/metadata.json b/assets/queries/k8s/service_account_allows_access_secrets/metadata.json index a1cc1c3d10f..81200f05fb1 100644 --- a/assets/queries/k8s/service_account_allows_access_secrets/metadata.json +++ b/assets/queries/k8s/service_account_allows_access_secrets/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/", "platform": "Kubernetes", "descriptionID": "79619280", - "cwe": "" + "cwe": "522" } \ No newline at end of file diff --git a/assets/queries/k8s/service_account_key_file_not_properly_set/metadata.json b/assets/queries/k8s/service_account_key_file_not_properly_set/metadata.json index c4ac5ef1dd0..7f37238ed3d 100644 --- a/assets/queries/k8s/service_account_key_file_not_properly_set/metadata.json +++ b/assets/queries/k8s/service_account_key_file_not_properly_set/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "2f3224e8", - "cwe": "" + "cwe": "522" } \ No newline at end of file diff --git a/assets/queries/k8s/service_account_lookup_set_to_false/metadata.json b/assets/queries/k8s/service_account_lookup_set_to_false/metadata.json index 7612189006a..244be7b7195 100644 --- a/assets/queries/k8s/service_account_lookup_set_to_false/metadata.json +++ b/assets/queries/k8s/service_account_lookup_set_to_false/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "c957c855", - "cwe": "" + "cwe": "287" } \ No newline at end of file 
diff --git a/assets/queries/k8s/service_account_name_undefined_or_empty/metadata.json b/assets/queries/k8s/service_account_name_undefined_or_empty/metadata.json index 35cb8628652..39d6560a208 100644 --- a/assets/queries/k8s/service_account_name_undefined_or_empty/metadata.json +++ b/assets/queries/k8s/service_account_name_undefined_or_empty/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", "platform": "Kubernetes", "descriptionID": "2940f843", - "cwe": "" + "cwe": "665" } \ No newline at end of file diff --git a/assets/queries/k8s/service_account_private_key_file_not_defined/metadata.json b/assets/queries/k8s/service_account_private_key_file_not_defined/metadata.json index e66e547e4b4..53933f61569 100644 --- a/assets/queries/k8s/service_account_private_key_file_not_defined/metadata.json +++ b/assets/queries/k8s/service_account_private_key_file_not_defined/metadata.json @@ -7,6 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/", "platform": "Kubernetes", "descriptionID": "b2fc61b4", - "cwe": "", + "cwe": "286", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/k8s/service_account_token_automount_not_disabled/metadata.json b/assets/queries/k8s/service_account_token_automount_not_disabled/metadata.json index 1272461aaab..31237b290f7 100644 --- a/assets/queries/k8s/service_account_token_automount_not_disabled/metadata.json +++ b/assets/queries/k8s/service_account_token_automount_not_disabled/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server", "platform": "Kubernetes", "descriptionID": "51cade0f", - "cwe": "" + "cwe": "665" } \ No newline at end of file 
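Review bot: `"cwe": "286"` (Incorrect User Management) in service_account_private_key_file_not_defined/metadata.json disagrees with the sibling query service_account_key_file_not_properly_set, which gets `"cwe": "522"` a few files earlier. Both concern the key material behind service account tokens, so they should share an id, for example `"cwe": "522"` on both. The same 286 value is also assigned further down to tiller_deployment_is_accessible_from_within_the_cluster, where the finding is about reachability of a service rather than user management.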
diff --git a/assets/queries/k8s/service_does_not_target_pod/metadata.json b/assets/queries/k8s/service_does_not_target_pod/metadata.json index e538360d81f..12fedfbfc25 100644 --- a/assets/queries/k8s/service_does_not_target_pod/metadata.json +++ b/assets/queries/k8s/service_does_not_target_pod/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/service/", "platform": "Kubernetes", "descriptionID": "e7c26645", - "cwe": "" + "cwe": "665" } \ No newline at end of file diff --git a/assets/queries/k8s/service_type_is_nodeport/metadata.json b/assets/queries/k8s/service_type_is_nodeport/metadata.json index 1b8489b2e52..11584149a50 100644 --- a/assets/queries/k8s/service_type_is_nodeport/metadata.json +++ b/assets/queries/k8s/service_type_is_nodeport/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/service/", "platform": "Kubernetes", "descriptionID": "4744714e", - "cwe": "" + "cwe": "665" } \ No newline at end of file diff --git a/assets/queries/k8s/service_with_external_load_balancer/metadata.json b/assets/queries/k8s/service_with_external_load_balancer/metadata.json index 6d495506374..5446ceef10e 100644 --- a/assets/queries/k8s/service_with_external_load_balancer/metadata.json +++ b/assets/queries/k8s/service_with_external_load_balancer/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", "platform": "Kubernetes", "descriptionID": "2e090344", - "cwe": "" + "cwe": "552" } \ No newline at end of file diff --git a/assets/queries/k8s/shared_host_ipc_namespace/metadata.json b/assets/queries/k8s/shared_host_ipc_namespace/metadata.json index a21a1ff6f1d..a11d4bb884a 100644 --- a/assets/queries/k8s/shared_host_ipc_namespace/metadata.json +++ b/assets/queries/k8s/shared_host_ipc_namespace/metadata.json 
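Review bot: `"cwe": "552"` in service_with_external_load_balancer/metadata.json names a file-system weakness (Files or Directories Accessible to External Parties), while the query flags a Service reachable from outside the cluster. service_type_is_nodeport, the hunk just before it, is the same kind of exposure and gets `"cwe": "665"`, so the two end up in different buckets. `"cwe": "668"` (Exposure of Resource to Wrong Sphere), already used in this series for root_container_not_mounted_as_read_only, would fit both and keep them grouped.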
@@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/", "platform": "Kubernetes", "descriptionID": "1ef1fe71", - "cwe": "" + "cwe": "200" } \ No newline at end of file diff --git a/assets/queries/k8s/shared_host_network_namespace/metadata.json b/assets/queries/k8s/shared_host_network_namespace/metadata.json index 3b40f958b8b..b4aa803a8d4 100644 --- a/assets/queries/k8s/shared_host_network_namespace/metadata.json +++ b/assets/queries/k8s/shared_host_network_namespace/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/", "platform": "Kubernetes", "descriptionID": "50e5de80", - "cwe": "" + "cwe": "200" } \ No newline at end of file diff --git a/assets/queries/k8s/shared_host_pid_namespace/metadata.json b/assets/queries/k8s/shared_host_pid_namespace/metadata.json index 83470980460..137993710a3 100644 --- a/assets/queries/k8s/shared_host_pid_namespace/metadata.json +++ b/assets/queries/k8s/shared_host_pid_namespace/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/", "platform": "Kubernetes", "descriptionID": "c34092eb", - "cwe": "" + "cwe": "200" } \ No newline at end of file diff --git a/assets/queries/k8s/shared_service_account/metadata.json b/assets/queries/k8s/shared_service_account/metadata.json index 065041ce83b..72dafa081c7 100644 --- a/assets/queries/k8s/shared_service_account/metadata.json +++ b/assets/queries/k8s/shared_service_account/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", "platform": "Kubernetes", "descriptionID": "f1c94544", - "cwe": "" + "cwe": "200" } \ No newline at end of file diff --git a/assets/queries/k8s/statefulset_has_no_pod_anti_affinity/metadata.json b/assets/queries/k8s/statefulset_has_no_pod_anti_affinity/metadata.json index 5fe84676227..06dc2055f08 100644 
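Review bot: `"cwe": "200"` on shared_host_ipc_namespace, shared_host_network_namespace and shared_host_pid_namespace records only an information-disclosure outcome. Sharing a host namespace removes an isolation boundary between the workload and the node, and the impact is not limited to reading data. `"cwe": "653"` (Improper Isolation or Compartmentalization) names the weakness itself. shared_service_account in the same run also gets 200 and is worth the same check, since reusing an identity across workloads is a privilege-separation issue.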
--- a/assets/queries/k8s/statefulset_has_no_pod_anti_affinity/metadata.json +++ b/assets/queries/k8s/statefulset_has_no_pod_anti_affinity/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/", "platform": "Kubernetes", "descriptionID": "f0d30dd9", - "cwe": "" + "cwe": "400" } \ No newline at end of file diff --git a/assets/queries/k8s/statefulset_requests_storage/metadata.json b/assets/queries/k8s/statefulset_requests_storage/metadata.json index fd50e54d59c..71a3de12c1e 100644 --- a/assets/queries/k8s/statefulset_requests_storage/metadata.json +++ b/assets/queries/k8s/statefulset_requests_storage/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/", "platform": "Kubernetes", "descriptionID": "6210afe6", - "cwe": "" + "cwe": "665" } \ No newline at end of file diff --git a/assets/queries/k8s/statefulset_without_pod_disruption_budget/metadata.json b/assets/queries/k8s/statefulset_without_pod_disruption_budget/metadata.json index 5ce8de04fce..e3b103cea04 100644 --- a/assets/queries/k8s/statefulset_without_pod_disruption_budget/metadata.json +++ b/assets/queries/k8s/statefulset_without_pod_disruption_budget/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/tasks/run-application/configure-pdb/", "platform": "Kubernetes", "descriptionID": "f3c77130", - "cwe": "" + "cwe": "754" } \ No newline at end of file diff --git a/assets/queries/k8s/statefulset_without_service_name/metadata.json b/assets/queries/k8s/statefulset_without_service_name/metadata.json index 6c41674552c..9d5bed7296e 100644 --- a/assets/queries/k8s/statefulset_without_service_name/metadata.json +++ b/assets/queries/k8s/statefulset_without_service_name/metadata.json 
@@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/", "platform": "Kubernetes", "descriptionID": "2ce554f2", - "cwe": "" + "cwe": "665" } \ No newline at end of file diff --git a/assets/queries/k8s/terminated_pod_garbage_collector_threshold_not_properly_set/metadata.json b/assets/queries/k8s/terminated_pod_garbage_collector_threshold_not_properly_set/metadata.json index cf80ff631ae..2f87462c4bb 100644 --- a/assets/queries/k8s/terminated_pod_garbage_collector_threshold_not_properly_set/metadata.json +++ b/assets/queries/k8s/terminated_pod_garbage_collector_threshold_not_properly_set/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/", "platform": "Kubernetes", "descriptionID": "19ea96ee", - "cwe": "" + "cwe": "460" } \ No newline at end of file diff --git a/assets/queries/k8s/tiller_deployment_is_accessible_from_within_the_cluster/metadata.json b/assets/queries/k8s/tiller_deployment_is_accessible_from_within_the_cluster/metadata.json index 83744337ccb..d9d7ac50b19 100644 --- a/assets/queries/k8s/tiller_deployment_is_accessible_from_within_the_cluster/metadata.json +++ b/assets/queries/k8s/tiller_deployment_is_accessible_from_within_the_cluster/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/", "platform": "Kubernetes", "descriptionID": "615614b8", - "cwe": "" + "cwe": "286" } \ No newline at end of file diff --git a/assets/queries/k8s/tiller_is_deployed/metadata.json b/assets/queries/k8s/tiller_is_deployed/metadata.json index 8b76cc83f67..0d191f342c8 100644 --- a/assets/queries/k8s/tiller_is_deployed/metadata.json +++ b/assets/queries/k8s/tiller_is_deployed/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/", "platform": "Kubernetes", "descriptionID": "b0a009b5", - "cwe": "" + "cwe": "200" } \ No newline at end of file 
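Review bot: `"cwe": "460"` in terminated_pod_garbage_collector_threshold_not_properly_set/metadata.json is Improper Cleanup on Thrown Exception, a weakness in exception-handling code that a kube-controller-manager flag value cannot exhibit. Going by its name, the query is about how many terminated pods are kept before garbage collection. A resource-limit id such as `"cwe": "770"`, or Incomplete Cleanup `"cwe": "459"`, is closer. The ids 459 and 460 are adjacent and easy to swap, so please confirm which was intended.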
diff --git a/assets/queries/k8s/tiller_service_is_not_deleted/metadata.json b/assets/queries/k8s/tiller_service_is_not_deleted/metadata.json index 7096e1e68cc..cc83af69875 100644 --- a/assets/queries/k8s/tiller_service_is_not_deleted/metadata.json +++ b/assets/queries/k8s/tiller_service_is_not_deleted/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/service", "platform": "Kubernetes", "descriptionID": "4e704117", - "cwe": "" + "cwe": "665" } \ No newline at end of file diff --git a/assets/queries/k8s/tls_connection_certificate_not_setup/metadata.json b/assets/queries/k8s/tls_connection_certificate_not_setup/metadata.json index 2651e40efd2..0af6d922ed6 100644 --- a/assets/queries/k8s/tls_connection_certificate_not_setup/metadata.json +++ b/assets/queries/k8s/tls_connection_certificate_not_setup/metadata.json @@ -7,6 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", "platform": "Kubernetes", "descriptionID": "c8b75f30", - "cwe": "", + "cwe": "295", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/k8s/token_auth_file_is_set/metadata.json b/assets/queries/k8s/token_auth_file_is_set/metadata.json index 786b975223b..92f34c88db7 100644 --- a/assets/queries/k8s/token_auth_file_is_set/metadata.json +++ b/assets/queries/k8s/token_auth_file_is_set/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "5aa79e60", - "cwe": "" + "cwe": "285" } \ No newline at end of file diff --git a/assets/queries/k8s/use_service_account_credentials_not_set_to_true/metadata.json b/assets/queries/k8s/use_service_account_credentials_not_set_to_true/metadata.json index a6e6f148927..d762d355cb8 100644 --- a/assets/queries/k8s/use_service_account_credentials_not_set_to_true/metadata.json 
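Review bot: `"cwe": "285"` (Improper Authorization) in token_auth_file_is_set/metadata.json classifies an authentication setting as an authorization weakness. The query flags static bearer tokens read from a file. The sibling kube-apiserver queries basic_auth_file_is_set and anonymous_auth_is_not_set_to_false carry `"cwe": "1390"` (Weak Authentication) in the context lines of patch 06. I would use `"cwe": "1390"` here as well, so the three authentication findings are reported under one id.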
+++ b/assets/queries/k8s/use_service_account_credentials_not_set_to_true/metadata.json @@ -7,6 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/", "platform": "Kubernetes", "descriptionID": "f6b4d617", - "cwe": "", + "cwe": "284", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/k8s/using_kubernetes_native_secret_management/metadata.json b/assets/queries/k8s/using_kubernetes_native_secret_management/metadata.json index 3d15e2d5e81..e90522f5574 100644 --- a/assets/queries/k8s/using_kubernetes_native_secret_management/metadata.json +++ b/assets/queries/k8s/using_kubernetes_native_secret_management/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/secret/", "platform": "Kubernetes", "descriptionID": "3d7b569c", - "cwe": "" + "cwe": "311" } \ No newline at end of file diff --git a/assets/queries/k8s/using_unrecommended_namespace/metadata.json b/assets/queries/k8s/using_unrecommended_namespace/metadata.json index 5d50f2e67b5..30dfa26fc7d 100644 --- a/assets/queries/k8s/using_unrecommended_namespace/metadata.json +++ b/assets/queries/k8s/using_unrecommended_namespace/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/", "platform": "Kubernetes", "descriptionID": "29549ea9", - "cwe": "" + "cwe": "665" } \ No newline at end of file diff --git a/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/metadata.json b/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/metadata.json index 10157c825d9..20ec36d7636 100644 --- a/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/metadata.json +++ b/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/metadata.json 
@@ -7,6 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/storage/volumes/", "platform": "Kubernetes", "descriptionID": "e42b7901", - "cwe": "", + "cwe": "284", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/k8s/weak_tls_cipher_suites/metadata.json b/assets/queries/k8s/weak_tls_cipher_suites/metadata.json index 9a4bb7df726..9b34c859187 100644 --- a/assets/queries/k8s/weak_tls_cipher_suites/metadata.json +++ b/assets/queries/k8s/weak_tls_cipher_suites/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/", "platform": "Kubernetes", "descriptionID": "cbb6cab8", - "cwe": "" + "cwe": "326" } \ No newline at end of file diff --git a/assets/queries/k8s/workload_host_port_not_specified/metadata.json b/assets/queries/k8s/workload_host_port_not_specified/metadata.json index 746a9e9bbc1..770f1c448b9 100644 --- a/assets/queries/k8s/workload_host_port_not_specified/metadata.json +++ b/assets/queries/k8s/workload_host_port_not_specified/metadata.json @@ -7,5 +7,5 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#exposing-the-service", "platform": "Kubernetes", "descriptionID": "dba41ddb", - "cwe": "" + "cwe": "665" } \ No newline at end of file diff --git a/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/metadata.json b/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/metadata.json index 9ccab8265d7..adbf37ce81f 100644 --- a/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/metadata.json +++ b/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/metadata.json @@ -7,6 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/", "platform": "Kubernetes", "descriptionID": "73339cde", - "cwe": "", + "cwe": "200", "oldSeverity": "MEDIUM" } \ No newline at end of file 
From bd4f004a26ede2ded39bc04390514613786fdec5 Mon Sep 17 00:00:00 2001 
From: Artur Ribeiro Date: Mon, 1 Jul 2024 16:40:44 +0100 Subject: [PATCH 06/10] add cloudProvider field to all queries metadata --- .../k8s/always_admit_admission_control_plugin_set/metadata.json | 1 + .../metadata.json | 1 + .../queries/k8s/anonymous_auth_is_not_set_to_false/metadata.json | 1 + .../queries/k8s/audit_log_maxage_not_properly_set/metadata.json | 1 + .../k8s/audit_log_maxbackup_not_properly_set/metadata.json | 1 + .../queries/k8s/audit_log_maxsize_not_properly_set/metadata.json | 1 + assets/queries/k8s/audit_log_path_not_set/metadata.json | 1 + assets/queries/k8s/audit_policy_file_not_defined/metadata.json | 1 + .../audit_policy_not_cover_key_security_concerns/metadata.json | 1 + assets/queries/k8s/authorization_mode_node_not_set/metadata.json | 1 + assets/queries/k8s/authorization_mode_rbac_not_set/metadata.json | 1 + .../k8s/authorization_mode_set_to_always_allow/metadata.json | 1 + assets/queries/k8s/auto_tls_set_to_true/metadata.json | 1 + assets/queries/k8s/basic_auth_file_is_set/metadata.json | 1 + .../metadata.json | 1 + .../metadata.json | 1 + assets/queries/k8s/cluster_allows_unsafe_sysctls/metadata.json | 1 + .../cni_plugin_does_not_support_network_policies/metadata.json | 1 + assets/queries/k8s/container_is_privileged/metadata.json | 1 + assets/queries/k8s/containers_run_with_low_uid/metadata.json | 1 + assets/queries/k8s/containers_running_as_root/metadata.json | 1 + .../queries/k8s/containers_with_added_capabilities/metadata.json | 1 + .../k8s/containers_with_sys_admin_capabilities/metadata.json | 1 + assets/queries/k8s/cpu_limits_not_set/metadata.json | 1 + assets/queries/k8s/cpu_requests_not_set/metadata.json | 1 + assets/queries/k8s/cronjob_deadline_not_configured/metadata.json | 1 + assets/queries/k8s/dashboard_is_enabled/metadata.json | 1 + .../k8s/deployment_has_no_pod_anti_affinity/metadata.json | 1 + .../k8s/deployment_without_pod_disruption_budget/metadata.json | 1 + .../docker_daemon_socket_is_exposed_to_containers/metadata.json 
| 1 + .../k8s/encryption_provider_config_is_not_defined/metadata.json | 1 + .../encryption_provider_not_properly_configured/metadata.json | 1 + .../metadata.json | 1 + .../metadata.json | 1 + .../k8s/etcd_client_certificate_file_not_defined/metadata.json | 1 + .../metadata.json | 1 + .../metadata.json | 1 + .../etcd_tls_certificate_files_not_properly_set/metadata.json | 1 + .../etcd_tls_certificate_not_properly_configured/metadata.json | 1 + .../metadata.json | 1 + .../metadata.json | 1 + assets/queries/k8s/hpa_targets_invalid_object/metadata.json | 1 + .../metadata.json | 1 + .../image_pull_policy_of_container_is_not_always/metadata.json | 1 + assets/queries/k8s/image_without_digest/metadata.json | 1 + .../metadata.json | 1 + .../k8s/ingress_controller_exposes_workload/metadata.json | 1 + assets/queries/k8s/insecure_bind_address_set/metadata.json | 1 + assets/queries/k8s/insecure_port_not_properly_set/metadata.json | 1 + assets/queries/k8s/invalid_image/metadata.json | 1 + .../k8s/kubelet_certificate_authority_not_set/metadata.json | 1 + .../k8s/kubelet_client_certificate_or_key_not_set/metadata.json | 1 + .../metadata.json | 1 + .../queries/k8s/kubelet_event_qps_not_properly_set/metadata.json | 1 + .../queries/k8s/kubelet_hostname_override_is_set/metadata.json | 1 + assets/queries/k8s/kubelet_https_set_to_false/metadata.json | 1 + assets/queries/k8s/kubelet_not_managing_ip_tables/metadata.json | 1 + .../kubelet_protect_kernel_defaults_set_to_false/metadata.json | 1 + .../k8s/kubelet_read_only_port_is_not_set_to_zero/metadata.json | 1 + .../kubelet_streaming_connection_timeout_disabled/metadata.json | 1 + assets/queries/k8s/liveness_probe_is_not_defined/metadata.json | 1 + assets/queries/k8s/memory_limits_not_defined/metadata.json | 1 + assets/queries/k8s/memory_requests_not_defined/metadata.json | 1 + assets/queries/k8s/metadata_label_is_invalid/metadata.json | 1 + assets/queries/k8s/missing_app_armor_config/metadata.json | 1 + .../metadata.json | 1 + 
.../k8s/net_raw_capabilities_disabled_for_psp/metadata.json | 1 + .../k8s/net_raw_capabilities_not_being_dropped/metadata.json | 1 + .../k8s/network_policy_is_not_targeting_any_pod/metadata.json | 1 + .../k8s/no_drop_capabilities_for_containers/metadata.json | 1 + .../metadata.json | 1 + .../k8s/non_kube_system_pod_with_host_mount/metadata.json | 1 + .../metadata.json | 1 + .../queries/k8s/not_unique_certificate_authority/metadata.json | 1 + .../k8s/object_is_using_a_deprecated_api_version/metadata.json | 1 + assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json | 1 + .../queries/k8s/permissive_access_to_create_pods/metadata.json | 1 + .../queries/k8s/pod_misconfigured_network_policy/metadata.json | 1 + .../k8s/pod_or_container_without_limit_range/metadata.json | 1 + .../k8s/pod_or_container_without_resource_quota/metadata.json | 1 + .../k8s/pod_or_container_without_security_context/metadata.json | 1 + .../metadata.json | 1 + assets/queries/k8s/privilege_escalation_allowed/metadata.json | 1 + assets/queries/k8s/profiling_not_set_to_false/metadata.json | 1 + assets/queries/k8s/psp_allows_privilege_escalation/metadata.json | 1 + assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json | 1 + assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json | 1 + .../psp_containers_share_host_network_namespace/metadata.json | 1 + assets/queries/k8s/psp_set_to_privileged/metadata.json | 1 + assets/queries/k8s/psp_with_added_capabilities/metadata.json | 1 + .../k8s/psp_with_unrestricted_access_to_host_path/metadata.json | 1 + .../k8s/rbac_roles_allow_privilege_escalation/metadata.json | 1 + .../queries/k8s/rbac_roles_with_attach_permission/metadata.json | 1 + assets/queries/k8s/rbac_roles_with_exec_permission/metadata.json | 1 + .../k8s/rbac_roles_with_impersonate_permission/metadata.json | 1 + .../k8s/rbac_roles_with_portforwarding_permissions/metadata.json | 1 + .../k8s/rbac_roles_with_read_secrets_permissions/metadata.json | 1 + 
assets/queries/k8s/rbac_wildcard_in_rule/metadata.json | 1 + .../queries/k8s/readiness_probe_is_not_configured/metadata.json | 1 + .../queries/k8s/request_timeout_not_properly_set/metadata.json | 1 + .../k8s/role_binding_to_default_service_account/metadata.json | 1 + assets/queries/k8s/root_ca_file_not_defined/metadata.json | 1 + .../k8s/root_container_not_mounted_as_read_only/metadata.json | 1 + assets/queries/k8s/root_containers_admitted/metadata.json | 1 + .../rotate_kubelet_server_certificate_not_active/metadata.json | 1 + .../queries/k8s/seccomp_profile_is_not_configured/metadata.json | 1 + .../queries/k8s/secrets_as_environment_variables/metadata.json | 1 + assets/queries/k8s/secure_port_set_to_zero/metadata.json | 1 + .../metadata.json | 1 + .../metadata.json | 1 + .../k8s/service_account_allows_access_secrets/metadata.json | 1 + .../k8s/service_account_key_file_not_properly_set/metadata.json | 1 + .../k8s/service_account_lookup_set_to_false/metadata.json | 1 + .../k8s/service_account_name_undefined_or_empty/metadata.json | 1 + .../service_account_private_key_file_not_defined/metadata.json | 1 + .../service_account_token_automount_not_disabled/metadata.json | 1 + assets/queries/k8s/service_does_not_target_pod/metadata.json | 1 + assets/queries/k8s/service_type_is_nodeport/metadata.json | 1 + .../k8s/service_with_external_load_balancer/metadata.json | 1 + assets/queries/k8s/shared_host_ipc_namespace/metadata.json | 1 + assets/queries/k8s/shared_host_network_namespace/metadata.json | 1 + assets/queries/k8s/shared_host_pid_namespace/metadata.json | 1 + assets/queries/k8s/shared_service_account/metadata.json | 1 + .../k8s/statefulset_has_no_pod_anti_affinity/metadata.json | 1 + assets/queries/k8s/statefulset_requests_storage/metadata.json | 1 + .../k8s/statefulset_without_pod_disruption_budget/metadata.json | 1 + .../queries/k8s/statefulset_without_service_name/metadata.json | 1 + .../metadata.json | 1 + .../metadata.json | 1 + 
assets/queries/k8s/tiller_is_deployed/metadata.json | 1 + assets/queries/k8s/tiller_service_is_not_deleted/metadata.json | 1 + .../k8s/tls_connection_certificate_not_setup/metadata.json | 1 + assets/queries/k8s/token_auth_file_is_set/metadata.json | 1 + .../metadata.json | 1 + .../k8s/using_kubernetes_native_secret_management/metadata.json | 1 + assets/queries/k8s/using_unrecommended_namespace/metadata.json | 1 + .../metadata.json | 1 + assets/queries/k8s/weak_tls_cipher_suites/metadata.json | 1 + .../queries/k8s/workload_host_port_not_specified/metadata.json | 1 + .../workload_mounting_with_sensitive_os_directory/metadata.json | 1 + 140 files changed, 140 insertions(+) diff --git a/assets/queries/k8s/always_admit_admission_control_plugin_set/metadata.json b/assets/queries/k8s/always_admit_admission_control_plugin_set/metadata.json index 4e50a2ea01e..e3003d53c1b 100644 --- a/assets/queries/k8s/always_admit_admission_control_plugin_set/metadata.json +++ b/assets/queries/k8s/always_admit_admission_control_plugin_set/metadata.json @@ -7,6 +7,7 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "782a8f84", + "cloudProvider": "common", "cwe": "285", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/k8s/always_pull_images_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/always_pull_images_admission_control_plugin_not_set/metadata.json index 23819b5610d..d666cae7ed6 100644 --- a/assets/queries/k8s/always_pull_images_admission_control_plugin_not_set/metadata.json +++ b/assets/queries/k8s/always_pull_images_admission_control_plugin_not_set/metadata.json @@ -7,5 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "503bf412", + "cloudProvider": "common", "cwe": "829" } \ No newline at end of file 
diff --git a/assets/queries/k8s/anonymous_auth_is_not_set_to_false/metadata.json b/assets/queries/k8s/anonymous_auth_is_not_set_to_false/metadata.json index faeb0054b1b..b0357460b7e 100644 --- a/assets/queries/k8s/anonymous_auth_is_not_set_to_false/metadata.json +++ b/assets/queries/k8s/anonymous_auth_is_not_set_to_false/metadata.json @@ -7,5 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", "platform": "Kubernetes", "descriptionID": "2e5b19cc", + "cloudProvider": "common", "cwe": "1390" } \ No newline at end of file diff --git a/assets/queries/k8s/audit_log_maxage_not_properly_set/metadata.json b/assets/queries/k8s/audit_log_maxage_not_properly_set/metadata.json index 761ae74cd78..1c38b80ccdc 100644 --- a/assets/queries/k8s/audit_log_maxage_not_properly_set/metadata.json +++ b/assets/queries/k8s/audit_log_maxage_not_properly_set/metadata.json @@ -7,5 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "a5bc6d07", + "cloudProvider": "common", "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/k8s/audit_log_maxbackup_not_properly_set/metadata.json b/assets/queries/k8s/audit_log_maxbackup_not_properly_set/metadata.json index 3d732e5019e..c562ef84b7c 100644 --- a/assets/queries/k8s/audit_log_maxbackup_not_properly_set/metadata.json +++ b/assets/queries/k8s/audit_log_maxbackup_not_properly_set/metadata.json @@ -7,5 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "eb8a6c2a", + "cloudProvider": "common", "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/k8s/audit_log_maxsize_not_properly_set/metadata.json b/assets/queries/k8s/audit_log_maxsize_not_properly_set/metadata.json index 2ec799a74be..ba5c5b67a8c 100644 
--- a/assets/queries/k8s/audit_log_maxsize_not_properly_set/metadata.json +++ b/assets/queries/k8s/audit_log_maxsize_not_properly_set/metadata.json @@ -7,5 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "9609fc23", + "cloudProvider": "common", "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/k8s/audit_log_path_not_set/metadata.json b/assets/queries/k8s/audit_log_path_not_set/metadata.json index 0eefa7d7229..42528da3dc1 100644 --- a/assets/queries/k8s/audit_log_path_not_set/metadata.json +++ b/assets/queries/k8s/audit_log_path_not_set/metadata.json @@ -7,5 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "21d0f732", + "cloudProvider": "common", "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/k8s/audit_policy_file_not_defined/metadata.json b/assets/queries/k8s/audit_policy_file_not_defined/metadata.json index 3ad6800c4bd..217b2ea2a5d 100644 --- a/assets/queries/k8s/audit_policy_file_not_defined/metadata.json +++ b/assets/queries/k8s/audit_policy_file_not_defined/metadata.json @@ -7,5 +7,6 @@ "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/", "platform": "Kubernetes", "descriptionID": "7ae0f3cb", + "cloudProvider": "common", "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/k8s/audit_policy_not_cover_key_security_concerns/metadata.json b/assets/queries/k8s/audit_policy_not_cover_key_security_concerns/metadata.json index 99088f92810..7e16dee42dd 100644 --- a/assets/queries/k8s/audit_policy_not_cover_key_security_concerns/metadata.json +++ b/assets/queries/k8s/audit_policy_not_cover_key_security_concerns/metadata.json 
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/debug-application-cluster/audit/",
 "platform": "Kubernetes",
 "descriptionID": "4a720a0c",
+ "cloudProvider": "common",
 "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/authorization_mode_node_not_set/metadata.json b/assets/queries/k8s/authorization_mode_node_not_set/metadata.json
index b9bfc59c449..4c9b27bc57e 100644
--- a/assets/queries/k8s/authorization_mode_node_not_set/metadata.json
+++ b/assets/queries/k8s/authorization_mode_node_not_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "1d944481",
+ "cloudProvider": "common",
 "cwe": "285"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/authorization_mode_rbac_not_set/metadata.json b/assets/queries/k8s/authorization_mode_rbac_not_set/metadata.json
index 2ebcb0655c8..b6c132adcbd 100644
--- a/assets/queries/k8s/authorization_mode_rbac_not_set/metadata.json
+++ b/assets/queries/k8s/authorization_mode_rbac_not_set/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "5298aafe",
+ "cloudProvider": "common",
 "cwe": "285",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/authorization_mode_set_to_always_allow/metadata.json b/assets/queries/k8s/authorization_mode_set_to_always_allow/metadata.json
index 73bbbbbd712..8fc73b4105f 100644
--- a/assets/queries/k8s/authorization_mode_set_to_always_allow/metadata.json
+++ b/assets/queries/k8s/authorization_mode_set_to_always_allow/metadata.json
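Review bot: The `"cwe": "532"` carried as context in the `audit_policy_not_cover_key_security_concerns` hunk looks like the wrong weakness class for this query. CWE-532 is Insertion of Sensitive Information into Log File, whereas the query name describes an audit policy that records too little, which is the Insufficient Logging case that the sibling `audit_log_*` queries in this patch already tag as `"cwe": "778"`. Judging from the name alone, `"cwe": "778"` would keep triage and reporting consistent across the audit queries; confirm against the query logic before changing it.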
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "f5c66471",
+ "cloudProvider": "common",
 "cwe": "285",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/auto_tls_set_to_true/metadata.json b/assets/queries/k8s/auto_tls_set_to_true/metadata.json
index 9fe7cc17dc9..2976b2a024c 100644
--- a/assets/queries/k8s/auto_tls_set_to_true/metadata.json
+++ b/assets/queries/k8s/auto_tls_set_to_true/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "81883f01",
+ "cloudProvider": "common",
 "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/basic_auth_file_is_set/metadata.json b/assets/queries/k8s/basic_auth_file_is_set/metadata.json
index 5332c4fcaeb..d45810cd957 100644
--- a/assets/queries/k8s/basic_auth_file_is_set/metadata.json
+++ b/assets/queries/k8s/basic_auth_file_is_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "e021b84c",
+ "cloudProvider": "common",
 "cwe": "1390"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/client_certificate_authentication_not_setup_properly/metadata.json b/assets/queries/k8s/client_certificate_authentication_not_setup_properly/metadata.json
index ccc4e598e83..c896dfeadd2 100644
--- a/assets/queries/k8s/client_certificate_authentication_not_setup_properly/metadata.json
+++ b/assets/queries/k8s/client_certificate_authentication_not_setup_properly/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
 "platform": "Kubernetes",
 "descriptionID": "78c11e53",
+ "cloudProvider": "common",
 "cwe": "1390"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cluster_admin_role_binding_with_super_user_permissions/metadata.json b/assets/queries/k8s/cluster_admin_role_binding_with_super_user_permissions/metadata.json
index 8a5be31ebb9..d6ef74bc5fc 100644
--- a/assets/queries/k8s/cluster_admin_role_binding_with_super_user_permissions/metadata.json
+++ b/assets/queries/k8s/cluster_admin_role_binding_with_super_user_permissions/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
 "platform": "Kubernetes",
 "descriptionID": "567eee7e",
+ "cloudProvider": "common",
 "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cluster_allows_unsafe_sysctls/metadata.json b/assets/queries/k8s/cluster_allows_unsafe_sysctls/metadata.json
index a3a7a82bbfc..1e8982aa39a 100644
--- a/assets/queries/k8s/cluster_allows_unsafe_sysctls/metadata.json
+++ b/assets/queries/k8s/cluster_allows_unsafe_sysctls/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/",
 "platform": "Kubernetes",
 "descriptionID": "6eb994bc",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cni_plugin_does_not_support_network_policies/metadata.json b/assets/queries/k8s/cni_plugin_does_not_support_network_policies/metadata.json
index 10509e3adf4..230d0a04367 100644
--- a/assets/queries/k8s/cni_plugin_does_not_support_network_policies/metadata.json
+++ b/assets/queries/k8s/cni_plugin_does_not_support_network_policies/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/",
 "platform": "Kubernetes",
 "descriptionID": "0e8d122c",
+ "cloudProvider": "common",
 "cwe": "923"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/container_is_privileged/metadata.json b/assets/queries/k8s/container_is_privileged/metadata.json
index 239ce81b965..8b004bd8a25 100644
--- a/assets/queries/k8s/container_is_privileged/metadata.json
+++ b/assets/queries/k8s/container_is_privileged/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/pods/#privileged-mode-for-containers",
 "platform": "Kubernetes",
 "descriptionID": "55f59030",
+ "cloudProvider": "common",
 "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/containers_run_with_low_uid/metadata.json b/assets/queries/k8s/containers_run_with_low_uid/metadata.json
index 608b09d40eb..28a0b3890f0 100644
--- a/assets/queries/k8s/containers_run_with_low_uid/metadata.json
+++ b/assets/queries/k8s/containers_run_with_low_uid/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "fc2c11f9",
+ "cloudProvider": "common",
 "cwe": "1188"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/containers_running_as_root/metadata.json b/assets/queries/k8s/containers_running_as_root/metadata.json
index 8236cafbdaf..73f4731a3fc 100644
--- a/assets/queries/k8s/containers_running_as_root/metadata.json
+++ b/assets/queries/k8s/containers_running_as_root/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "9d5b1d16",
+ "cloudProvider": "common",
 "cwe": "1188"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/containers_with_added_capabilities/metadata.json b/assets/queries/k8s/containers_with_added_capabilities/metadata.json
index 3c39b47a348..b8c0a71c148 100644
--- a/assets/queries/k8s/containers_with_added_capabilities/metadata.json
+++ b/assets/queries/k8s/containers_with_added_capabilities/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "719acefd",
+ "cloudProvider": "common",
 "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/containers_with_sys_admin_capabilities/metadata.json b/assets/queries/k8s/containers_with_sys_admin_capabilities/metadata.json
index 9b2dea74046..2d7775b8b5b 100644
--- a/assets/queries/k8s/containers_with_sys_admin_capabilities/metadata.json
+++ b/assets/queries/k8s/containers_with_sys_admin_capabilities/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "029aeb1d",
+ "cloudProvider": "common",
 "cwe": "250",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cpu_limits_not_set/metadata.json b/assets/queries/k8s/cpu_limits_not_set/metadata.json
index ab967892a9e..c2c73553813 100644
--- a/assets/queries/k8s/cpu_limits_not_set/metadata.json
+++ b/assets/queries/k8s/cpu_limits_not_set/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
 "platform": "Kubernetes",
 "descriptionID": "9a2ef763",
+ "cloudProvider": "common",
 "cwe": "400",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cpu_requests_not_set/metadata.json b/assets/queries/k8s/cpu_requests_not_set/metadata.json
index f0f664e6b0d..a5db26c9fc8 100644
--- a/assets/queries/k8s/cpu_requests_not_set/metadata.json
+++ b/assets/queries/k8s/cpu_requests_not_set/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#",
 "platform": "Kubernetes",
 "descriptionID": "ac7ad5df",
+ "cloudProvider": "common",
 "cwe": "400",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/cronjob_deadline_not_configured/metadata.json b/assets/queries/k8s/cronjob_deadline_not_configured/metadata.json
index 40b43f435f8..9a63dc43925 100644
--- a/assets/queries/k8s/cronjob_deadline_not_configured/metadata.json
+++ b/assets/queries/k8s/cronjob_deadline_not_configured/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/",
 "platform": "Kubernetes",
 "descriptionID": "285952e5",
+ "cloudProvider": "common",
 "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/dashboard_is_enabled/metadata.json b/assets/queries/k8s/dashboard_is_enabled/metadata.json
index 48b77858a41..8700054c2fe 100644
--- a/assets/queries/k8s/dashboard_is_enabled/metadata.json
+++ b/assets/queries/k8s/dashboard_is_enabled/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/",
 "platform": "Kubernetes",
 "descriptionID": "ad0e6a8d",
+ "cloudProvider": "common",
 "cwe": "779"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/deployment_has_no_pod_anti_affinity/metadata.json b/assets/queries/k8s/deployment_has_no_pod_anti_affinity/metadata.json
index eae582c7804..81fa8638a22 100644
--- a/assets/queries/k8s/deployment_has_no_pod_anti_affinity/metadata.json
+++ b/assets/queries/k8s/deployment_has_no_pod_anti_affinity/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/",
 "platform": "Kubernetes",
 "descriptionID": "22146f41",
+ "cloudProvider": "common",
 "cwe": "710"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/deployment_without_pod_disruption_budget/metadata.json b/assets/queries/k8s/deployment_without_pod_disruption_budget/metadata.json
index 9fbe773086d..cd33afdfa1b 100644
--- a/assets/queries/k8s/deployment_without_pod_disruption_budget/metadata.json
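Review bot: `"cwe": "779"` in the `dashboard_is_enabled` hunk, and again in the later `ingress_controller_exposes_workload` hunk, tags an exposure finding as CWE-779, Logging of Excessive Data. Neither query name relates to logging, so anyone filtering or prioritising results by CWE will file these under the wrong weakness. This patch already uses `"cwe": "668"` for the exposure-type queries `docker_daemon_socket_is_exposed_to_containers` and `non_kube_system_pod_with_host_mount`, which reads as the closer fit here. The mapping is inferred from the query names only, so check it against the query logic.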
+++ b/assets/queries/k8s/deployment_without_pod_disruption_budget/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/run-application/configure-pdb/",
 "platform": "Kubernetes",
 "descriptionID": "df941cb9",
+ "cloudProvider": "common",
 "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/metadata.json b/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/metadata.json
index be299121a8a..f0f9b837651 100644
--- a/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/metadata.json
+++ b/assets/queries/k8s/docker_daemon_socket_is_exposed_to_containers/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/storage/volumes/",
 "platform": "Kubernetes",
 "descriptionID": "0865e6f6",
+ "cloudProvider": "common",
 "cwe": "668",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/encryption_provider_config_is_not_defined/metadata.json b/assets/queries/k8s/encryption_provider_config_is_not_defined/metadata.json
index d3ff58e3115..e928457356f 100644
--- a/assets/queries/k8s/encryption_provider_config_is_not_defined/metadata.json
+++ b/assets/queries/k8s/encryption_provider_config_is_not_defined/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "c018594c",
+ "cloudProvider": "common",
 "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/encryption_provider_not_properly_configured/metadata.json b/assets/queries/k8s/encryption_provider_not_properly_configured/metadata.json
index 83cdaca13a8..3ec3450aedc 100644
--- a/assets/queries/k8s/encryption_provider_not_properly_configured/metadata.json
+++ b/assets/queries/k8s/encryption_provider_not_properly_configured/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#understanding-the-encryption-at-rest-configuration",
 "platform": "Kubernetes",
 "descriptionID": "c60a5ece",
+ "cloudProvider": "common",
 "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/ensure_administrative_boundaries_between_resources/metadata.json b/assets/queries/k8s/ensure_administrative_boundaries_between_resources/metadata.json
index 79a4def83f5..4bdc64a0df1 100644
--- a/assets/queries/k8s/ensure_administrative_boundaries_between_resources/metadata.json
+++ b/assets/queries/k8s/ensure_administrative_boundaries_between_resources/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/",
 "platform": "Kubernetes",
 "descriptionID": "8182d7cf",
+ "cloudProvider": "common",
 "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_client_certificate_authentication_set_to_false/metadata.json b/assets/queries/k8s/etcd_client_certificate_authentication_set_to_false/metadata.json
index 9e2502ac0a7..6b191b97b04 100644
--- a/assets/queries/k8s/etcd_client_certificate_authentication_set_to_false/metadata.json
+++ b/assets/queries/k8s/etcd_client_certificate_authentication_set_to_false/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "e79812fb",
+ "cloudProvider": "common",
 "cwe": "287"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_client_certificate_file_not_defined/metadata.json b/assets/queries/k8s/etcd_client_certificate_file_not_defined/metadata.json
index 134f9f29a0d..a0b39688852 100644
--- a/assets/queries/k8s/etcd_client_certificate_file_not_defined/metadata.json
+++ b/assets/queries/k8s/etcd_client_certificate_file_not_defined/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "f385527b",
+ "cloudProvider": "common",
 "cwe": "287"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_peer_client_certificate_authentication_set_to_false/metadata.json b/assets/queries/k8s/etcd_peer_client_certificate_authentication_set_to_false/metadata.json
index 13fd9e85c6f..8d4f9e88b52 100644
--- a/assets/queries/k8s/etcd_peer_client_certificate_authentication_set_to_false/metadata.json
+++ b/assets/queries/k8s/etcd_peer_client_certificate_authentication_set_to_false/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "00b0e7f2",
+ "cloudProvider": "common",
 "cwe": "287"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_peer_tls_certificate_files_not_properly_set/metadata.json b/assets/queries/k8s/etcd_peer_tls_certificate_files_not_properly_set/metadata.json
index 1e0ad5ab2d8..b9736d097b2 100644
--- a/assets/queries/k8s/etcd_peer_tls_certificate_files_not_properly_set/metadata.json
+++ b/assets/queries/k8s/etcd_peer_tls_certificate_files_not_properly_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "f3bb5a8e",
+ "cloudProvider": "common",
 "cwe": "287"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/metadata.json b/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/metadata.json
index 2048734fa1b..5481a43ebf3 100644
--- a/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/metadata.json
+++ b/assets/queries/k8s/etcd_tls_certificate_files_not_properly_set/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "3c8aae35",
+ "cloudProvider": "common",
 "cwe": "287",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/metadata.json b/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/metadata.json
index 0eb854df3d1..d49fba8b932 100644
--- a/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/metadata.json
+++ b/assets/queries/k8s/etcd_tls_certificate_not_properly_configured/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "073667d8",
+ "cloudProvider": "common",
 "cwe": "287",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/event_rate_limit_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/event_rate_limit_admission_control_plugin_not_set/metadata.json
index 7f19a069e2a..a1550e5e795 100644
--- a/assets/queries/k8s/event_rate_limit_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/event_rate_limit_admission_control_plugin_not_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "3cc9eca8",
+ "cloudProvider": "common",
 "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/metadata.json b/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/metadata.json
index 9d8fe30127f..f2e0985db67 100644
--- a/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/metadata.json
+++ b/assets/queries/k8s/hpa_targeted_deployments_with_configured_replica_count/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/",
 "platform": "Kubernetes",
 "descriptionID": "3ccc5d6c",
+ "cloudProvider": "common",
 "cwe": "400",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/hpa_targets_invalid_object/metadata.json b/assets/queries/k8s/hpa_targets_invalid_object/metadata.json
index 5d79404153e..51e636ae03a 100644
--- a/assets/queries/k8s/hpa_targets_invalid_object/metadata.json
+++ b/assets/queries/k8s/hpa_targets_invalid_object/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/",
 "platform": "Kubernetes",
 "descriptionID": "450f7251",
+ "cloudProvider": "common",
 "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/image_policy_webhook_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/image_policy_webhook_admission_control_plugin_not_set/metadata.json
index c7ee725d7d1..85d039d0491 100644
--- a/assets/queries/k8s/image_policy_webhook_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/image_policy_webhook_admission_control_plugin_not_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "7e7fe5b6",
+ "cloudProvider": "common",
 "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/image_pull_policy_of_container_is_not_always/metadata.json b/assets/queries/k8s/image_pull_policy_of_container_is_not_always/metadata.json
index 55a5674d1e1..ee58fd89c6c 100644
--- a/assets/queries/k8s/image_pull_policy_of_container_is_not_always/metadata.json
+++ b/assets/queries/k8s/image_pull_policy_of_container_is_not_always/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/#updating-images",
 "platform": "Kubernetes",
 "descriptionID": "201e3c8d",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/image_without_digest/metadata.json b/assets/queries/k8s/image_without_digest/metadata.json
index b602eaab35c..daa3d5105fb 100644
--- a/assets/queries/k8s/image_without_digest/metadata.json
+++ b/assets/queries/k8s/image_without_digest/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/#updating-images",
 "platform": "Kubernetes",
 "descriptionID": "3f9f8d78",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/incorrect_volume_claim_access_mode_read_write_once/metadata.json b/assets/queries/k8s/incorrect_volume_claim_access_mode_read_write_once/metadata.json
index c22306d3660..3220a5754df 100644
--- a/assets/queries/k8s/incorrect_volume_claim_access_mode_read_write_once/metadata.json
+++ b/assets/queries/k8s/incorrect_volume_claim_access_mode_read_write_once/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/",
 "platform": "Kubernetes",
 "descriptionID": "f4e48914",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/ingress_controller_exposes_workload/metadata.json b/assets/queries/k8s/ingress_controller_exposes_workload/metadata.json
index 1b7d83d3d47..0fd4b9268fb 100644
--- a/assets/queries/k8s/ingress_controller_exposes_workload/metadata.json
+++ b/assets/queries/k8s/ingress_controller_exposes_workload/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/",
 "platform": "Kubernetes",
 "descriptionID": "7db90ca7",
+ "cloudProvider": "common",
 "cwe": "779"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/insecure_bind_address_set/metadata.json b/assets/queries/k8s/insecure_bind_address_set/metadata.json
index fd69e276b34..503a653f6c7 100644
--- a/assets/queries/k8s/insecure_bind_address_set/metadata.json
+++ b/assets/queries/k8s/insecure_bind_address_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "5b1eb26c",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/insecure_port_not_properly_set/metadata.json b/assets/queries/k8s/insecure_port_not_properly_set/metadata.json
index 4fb4c56ee0d..9be4e679a52 100644
--- a/assets/queries/k8s/insecure_port_not_properly_set/metadata.json
+++ b/assets/queries/k8s/insecure_port_not_properly_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "d9e178b1",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/invalid_image/metadata.json b/assets/queries/k8s/invalid_image/metadata.json
index 35f06d132bd..2c79381f651 100644
--- a/assets/queries/k8s/invalid_image/metadata.json
+++ b/assets/queries/k8s/invalid_image/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/#updating-images",
 "platform": "Kubernetes",
 "descriptionID": "30154626",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_certificate_authority_not_set/metadata.json b/assets/queries/k8s/kubelet_certificate_authority_not_set/metadata.json
index ec055b26936..3d2d990f817 100644
--- a/assets/queries/k8s/kubelet_certificate_authority_not_set/metadata.json
+++ b/assets/queries/k8s/kubelet_certificate_authority_not_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "ce08eb5d",
+ "cloudProvider": "common",
 "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_client_certificate_or_key_not_set/metadata.json b/assets/queries/k8s/kubelet_client_certificate_or_key_not_set/metadata.json
index 11cfa0e45cf..a30d00cf773 100644
--- a/assets/queries/k8s/kubelet_client_certificate_or_key_not_set/metadata.json
+++ b/assets/queries/k8s/kubelet_client_certificate_or_key_not_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "0f0e2ae7",
+ "cloudProvider": "common",
 "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_client_periodic_certificate_switch_disabled/metadata.json b/assets/queries/k8s/kubelet_client_periodic_certificate_switch_disabled/metadata.json
index 06580967f9a..7768a4eb14c 100644
--- a/assets/queries/k8s/kubelet_client_periodic_certificate_switch_disabled/metadata.json
+++ b/assets/queries/k8s/kubelet_client_periodic_certificate_switch_disabled/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "1a17c91a",
+ "cloudProvider": "common",
 "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_event_qps_not_properly_set/metadata.json b/assets/queries/k8s/kubelet_event_qps_not_properly_set/metadata.json
index 68f50a07f10..e25725c021f 100644
--- a/assets/queries/k8s/kubelet_event_qps_not_properly_set/metadata.json
+++ b/assets/queries/k8s/kubelet_event_qps_not_properly_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
 "platform": "Kubernetes",
 "descriptionID": "3163b76e",
+ "cloudProvider": "common",
 "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_hostname_override_is_set/metadata.json b/assets/queries/k8s/kubelet_hostname_override_is_set/metadata.json
index b65bcb1ae68..4797e3c8722 100644
--- a/assets/queries/k8s/kubelet_hostname_override_is_set/metadata.json
+++ b/assets/queries/k8s/kubelet_hostname_override_is_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
 "platform": "Kubernetes",
 "descriptionID": "a3adb557",
+ "cloudProvider": "common",
 "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_https_set_to_false/metadata.json b/assets/queries/k8s/kubelet_https_set_to_false/metadata.json
index 7c077a2bfcd..3d2a630fa0d 100644
--- a/assets/queries/k8s/kubelet_https_set_to_false/metadata.json
+++ b/assets/queries/k8s/kubelet_https_set_to_false/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "754a303a",
+ "cloudProvider": "common",
 "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_not_managing_ip_tables/metadata.json b/assets/queries/k8s/kubelet_not_managing_ip_tables/metadata.json
index 28bf1120e0c..d948948afcd 100644
--- a/assets/queries/k8s/kubelet_not_managing_ip_tables/metadata.json
+++ b/assets/queries/k8s/kubelet_not_managing_ip_tables/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "1bd198ea",
+ "cloudProvider": "common",
 "cwe": "924"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_protect_kernel_defaults_set_to_false/metadata.json b/assets/queries/k8s/kubelet_protect_kernel_defaults_set_to_false/metadata.json
index 07c125783ca..168ce60cd6f 100644
--- a/assets/queries/k8s/kubelet_protect_kernel_defaults_set_to_false/metadata.json
+++ b/assets/queries/k8s/kubelet_protect_kernel_defaults_set_to_false/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
 "platform": "Kubernetes",
 "descriptionID": "e3a4b35d",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_read_only_port_is_not_set_to_zero/metadata.json b/assets/queries/k8s/kubelet_read_only_port_is_not_set_to_zero/metadata.json
index 6d915f59f4a..ae0ece1f751 100644
--- a/assets/queries/k8s/kubelet_read_only_port_is_not_set_to_zero/metadata.json
+++ b/assets/queries/k8s/kubelet_read_only_port_is_not_set_to_zero/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "8cedc17d",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/kubelet_streaming_connection_timeout_disabled/metadata.json b/assets/queries/k8s/kubelet_streaming_connection_timeout_disabled/metadata.json
index 0053ae4e695..afd67d094c1 100644
--- a/assets/queries/k8s/kubelet_streaming_connection_timeout_disabled/metadata.json
+++ b/assets/queries/k8s/kubelet_streaming_connection_timeout_disabled/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "f0a2431d",
+ "cloudProvider": "common",
 "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/liveness_probe_is_not_defined/metadata.json b/assets/queries/k8s/liveness_probe_is_not_defined/metadata.json
index 73087b3a46d..201e37f3648 100644
--- a/assets/queries/k8s/liveness_probe_is_not_defined/metadata.json
+++ b/assets/queries/k8s/liveness_probe_is_not_defined/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#when-should-you-use-a-liveness-probe",
 "platform": "Kubernetes",
 "descriptionID": "f724fa60",
+ "cloudProvider": "common",
 "cwe": "754",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/memory_limits_not_defined/metadata.json b/assets/queries/k8s/memory_limits_not_defined/metadata.json
index e054ae40f2e..2125f89eaa8 100644
--- a/assets/queries/k8s/memory_limits_not_defined/metadata.json
+++ b/assets/queries/k8s/memory_limits_not_defined/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/",
 "platform": "Kubernetes",
 "descriptionID": "e0ba95cc",
+ "cloudProvider": "common",
 "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/memory_requests_not_defined/metadata.json b/assets/queries/k8s/memory_requests_not_defined/metadata.json
index e95e5c7201b..d504fe7b960 100644
--- a/assets/queries/k8s/memory_requests_not_defined/metadata.json
+++ b/assets/queries/k8s/memory_requests_not_defined/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/",
 "platform": "Kubernetes",
 "descriptionID": "3dcbd683",
+ "cloudProvider": "common",
 "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/metadata_label_is_invalid/metadata.json b/assets/queries/k8s/metadata_label_is_invalid/metadata.json
index 25a5bd6e014..67a19186316 100644
--- a/assets/queries/k8s/metadata_label_is_invalid/metadata.json
+++ b/assets/queries/k8s/metadata_label_is_invalid/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/",
 "platform": "Kubernetes",
 "descriptionID": "a6921416",
+ "cloudProvider": "common",
 "cwe": "710",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/missing_app_armor_config/metadata.json b/assets/queries/k8s/missing_app_armor_config/metadata.json
index b7a61e60707..7e9f2a2f642 100644
--- a/assets/queries/k8s/missing_app_armor_config/metadata.json
+++ b/assets/queries/k8s/missing_app_armor_config/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tutorials/clusters/apparmor/",
 "platform": "Kubernetes",
 "descriptionID": "59c17c0a",
+ "cloudProvider": "common",
 "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/namespace_lifecycle_admission_control_plugin_disabled/metadata.json b/assets/queries/k8s/namespace_lifecycle_admission_control_plugin_disabled/metadata.json
index 57d1348201d..9e3b2759296 100644
--- a/assets/queries/k8s/namespace_lifecycle_admission_control_plugin_disabled/metadata.json
+++ b/assets/queries/k8s/namespace_lifecycle_admission_control_plugin_disabled/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "13e94c89",
+ "cloudProvider": "common",
 "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/net_raw_capabilities_disabled_for_psp/metadata.json b/assets/queries/k8s/net_raw_capabilities_disabled_for_psp/metadata.json
index 174683716e9..1f159186773 100644
--- a/assets/queries/k8s/net_raw_capabilities_disabled_for_psp/metadata.json
+++ b/assets/queries/k8s/net_raw_capabilities_disabled_for_psp/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "e72d5579",
+ "cloudProvider": "common",
 "cwe": "250"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/net_raw_capabilities_not_being_dropped/metadata.json b/assets/queries/k8s/net_raw_capabilities_not_being_dropped/metadata.json
index 090df65e12a..dcf84537939 100644
--- a/assets/queries/k8s/net_raw_capabilities_not_being_dropped/metadata.json
+++ b/assets/queries/k8s/net_raw_capabilities_not_being_dropped/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "e9790956",
+ "cloudProvider": "common",
 "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/network_policy_is_not_targeting_any_pod/metadata.json b/assets/queries/k8s/network_policy_is_not_targeting_any_pod/metadata.json
index 1c44a0fd1ff..1cb38c69005 100644
--- a/assets/queries/k8s/network_policy_is_not_targeting_any_pod/metadata.json
+++ b/assets/queries/k8s/network_policy_is_not_targeting_any_pod/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/network-policies/",
 "platform": "Kubernetes",
 "descriptionID": "be3c67e3",
+ "cloudProvider": "common",
 "cwe": "665",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/no_drop_capabilities_for_containers/metadata.json b/assets/queries/k8s/no_drop_capabilities_for_containers/metadata.json
index e056e20ef22..30a37e5bbc2 100644
--- a/assets/queries/k8s/no_drop_capabilities_for_containers/metadata.json
+++ b/assets/queries/k8s/no_drop_capabilities_for_containers/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/pods/init-containers/",
 "platform": "Kubernetes",
 "descriptionID": "9d3ca6db",
+ "cloudProvider": "common",
 "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/metadata.json
index 65284a6d5b3..23418d0117a 100644
--- a/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/node_restriction_admission_control_plugin_not_set/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "2a03f1ec",
+ "cloudProvider": "common",
 "cwe": "269",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/non_kube_system_pod_with_host_mount/metadata.json b/assets/queries/k8s/non_kube_system_pod_with_host_mount/metadata.json
index 394a4e188f0..636ba274dbe 100644
--- a/assets/queries/k8s/non_kube_system_pod_with_host_mount/metadata.json
+++ b/assets/queries/k8s/non_kube_system_pod_with_host_mount/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/storage/volumes/",
 "platform": "Kubernetes",
 "descriptionID": "e8553157",
+ "cloudProvider": "common",
 "cwe": "668",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/metadata.json b/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/metadata.json
index 843ae46b455..03867e4761c 100644
--- a/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/metadata.json
+++ b/assets/queries/k8s/not_limited_capabilities_for_pod_security_policy/metadata.json
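Review bot: In `no_drop_capabilities_for_containers/metadata.json` the record this hunk extends is tagged `"cwe": "754"` (Improper Check for Unusual or Exceptional Conditions), the id the probe and request-timeout queries in this patch carry, although the query name is about Linux capabilities. The neighbouring capability queries use privilege ids instead: `net_raw_capabilities_not_being_dropped` has `"269"` and `net_raw_capabilities_disabled_for_psp` has `"250"`. The `cwe` line is unchanged context here, so this is a follow-up rather than a fault of the added line; I would change it to `"cwe": "269"` so that CWE-based grouping keeps the capability findings together. The `descriptionUrl` of the same record points at the init-containers page, while `net_raw_capabilities_not_being_dropped` links the security-context page, which looks like the better target for both.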
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "eaf6d4ba",
+ "cloudProvider": "common",
 "cwe": "770",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/not_unique_certificate_authority/metadata.json b/assets/queries/k8s/not_unique_certificate_authority/metadata.json
index a808ba4c89b..55b2aa9158e 100644
--- a/assets/queries/k8s/not_unique_certificate_authority/metadata.json
+++ b/assets/queries/k8s/not_unique_certificate_authority/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "d2c6c9e8",
+ "cloudProvider": "common",
 "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/object_is_using_a_deprecated_api_version/metadata.json b/assets/queries/k8s/object_is_using_a_deprecated_api_version/metadata.json
index 89221bf75ec..5107e863042 100644
--- a/assets/queries/k8s/object_is_using_a_deprecated_api_version/metadata.json
+++ b/assets/queries/k8s/object_is_using_a_deprecated_api_version/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/using-api/deprecation-guide/",
 "platform": "Kubernetes",
 "descriptionID": "d5c30c5b",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json b/assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json
index cc23fb969c6..da1472b6940 100644
--- a/assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json
+++ b/assets/queries/k8s/peer_auto_tls_set_to_true/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://etcd.io/docs/v3.4/op-guide/security/",
 "platform": "Kubernetes",
 "descriptionID": "02a0a4d9",
+ "cloudProvider": "common",
 "cwe": "295",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/permissive_access_to_create_pods/metadata.json b/assets/queries/k8s/permissive_access_to_create_pods/metadata.json
index 1e31ba183af..25520529877 100644
--- a/assets/queries/k8s/permissive_access_to_create_pods/metadata.json
+++ b/assets/queries/k8s/permissive_access_to_create_pods/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping",
 "platform": "Kubernetes",
 "descriptionID": "c78cb1a7",
+ "cloudProvider": "common",
 "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_misconfigured_network_policy/metadata.json b/assets/queries/k8s/pod_misconfigured_network_policy/metadata.json
index 939b0279f22..45ddcbbe8b6 100644
--- a/assets/queries/k8s/pod_misconfigured_network_policy/metadata.json
+++ b/assets/queries/k8s/pod_misconfigured_network_policy/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/network-policies/",
 "platform": "Kubernetes",
 "descriptionID": "20500552",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_or_container_without_limit_range/metadata.json b/assets/queries/k8s/pod_or_container_without_limit_range/metadata.json
index e12fde195df..686655a89e9 100644
--- a/assets/queries/k8s/pod_or_container_without_limit_range/metadata.json
+++ b/assets/queries/k8s/pod_or_container_without_limit_range/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/limit-range/",
 "platform": "Kubernetes",
 "descriptionID": "142ed21f",
+ "cloudProvider": "common",
 "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_or_container_without_resource_quota/metadata.json b/assets/queries/k8s/pod_or_container_without_resource_quota/metadata.json
index 88820c05cf5..d659a4daea4 100644
--- a/assets/queries/k8s/pod_or_container_without_resource_quota/metadata.json
+++ b/assets/queries/k8s/pod_or_container_without_resource_quota/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/resource-quotas/",
 "platform": "Kubernetes",
 "descriptionID": "86499ed5",
+ "cloudProvider": "common",
 "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_or_container_without_security_context/metadata.json b/assets/queries/k8s/pod_or_container_without_security_context/metadata.json
index 5196d61aef6..3782662c747 100644
--- a/assets/queries/k8s/pod_or_container_without_security_context/metadata.json
+++ b/assets/queries/k8s/pod_or_container_without_security_context/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "68a1650b",
+ "cloudProvider": "common",
 "cwe": "285"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/pod_security_policy_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/pod_security_policy_admission_control_plugin_not_set/metadata.json
index cdb19443cb4..4969b9feb5b 100644
--- a/assets/queries/k8s/pod_security_policy_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/pod_security_policy_admission_control_plugin_not_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "5b3d44e9",
+ "cloudProvider": "common",
 "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/privilege_escalation_allowed/metadata.json b/assets/queries/k8s/privilege_escalation_allowed/metadata.json
index 4f96b24e8a1..3cd8c01a6f0 100644
--- a/assets/queries/k8s/privilege_escalation_allowed/metadata.json
+++ b/assets/queries/k8s/privilege_escalation_allowed/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "525fccf4",
+ "cloudProvider": "common",
 "cwe": "269"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/profiling_not_set_to_false/metadata.json b/assets/queries/k8s/profiling_not_set_to_false/metadata.json
index aef0d1d1e49..67d7bf812cb 100644
--- a/assets/queries/k8s/profiling_not_set_to_false/metadata.json
+++ b/assets/queries/k8s/profiling_not_set_to_false/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "622a1db7",
+ "cloudProvider": "common",
 "cwe": "779"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_allows_privilege_escalation/metadata.json b/assets/queries/k8s/psp_allows_privilege_escalation/metadata.json
index 7b20371d763..0d0bce7d1ae 100644
--- a/assets/queries/k8s/psp_allows_privilege_escalation/metadata.json
+++ b/assets/queries/k8s/psp_allows_privilege_escalation/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "d7c5e3ad",
+ "cloudProvider": "common",
 "cwe": "269",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json b/assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json
index deadc048199..d5739dae243 100644
--- a/assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json
+++ b/assets/queries/k8s/psp_allows_sharing_host_ipc/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "329be51b",
+ "cloudProvider": "common",
 "cwe": "250",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json b/assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json
index 590525bf756..16b5f65ae18 100644
--- a/assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json
+++ b/assets/queries/k8s/psp_allows_sharing_host_pid/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "980c2b40",
+ "cloudProvider": "common",
 "cwe": "250"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_containers_share_host_network_namespace/metadata.json b/assets/queries/k8s/psp_containers_share_host_network_namespace/metadata.json
index 2df105f5f8c..17852ab7126 100644
--- a/assets/queries/k8s/psp_containers_share_host_network_namespace/metadata.json
+++ b/assets/queries/k8s/psp_containers_share_host_network_namespace/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "4b468f08",
+ "cloudProvider": "common",
 "cwe": "250"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_set_to_privileged/metadata.json b/assets/queries/k8s/psp_set_to_privileged/metadata.json
index 183cf3a7d28..dc972484599 100644
--- a/assets/queries/k8s/psp_set_to_privileged/metadata.json
+++ b/assets/queries/k8s/psp_set_to_privileged/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod_security_policy#privileged",
 "platform": "Kubernetes",
 "descriptionID": "11a8da07",
+ "cloudProvider": "common",
 "cwe": "732",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_with_added_capabilities/metadata.json b/assets/queries/k8s/psp_with_added_capabilities/metadata.json
index a49a78e2138..88affae2660 100644
--- a/assets/queries/k8s/psp_with_added_capabilities/metadata.json
+++ b/assets/queries/k8s/psp_with_added_capabilities/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "2889da19",
+ "cloudProvider": "common",
 "cwe": "250",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/psp_with_unrestricted_access_to_host_path/metadata.json b/assets/queries/k8s/psp_with_unrestricted_access_to_host_path/metadata.json
index 55467330d51..7790fdfc4b3 100644
--- a/assets/queries/k8s/psp_with_unrestricted_access_to_host_path/metadata.json
+++ b/assets/queries/k8s/psp_with_unrestricted_access_to_host_path/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems",
 "platform": "Kubernetes",
 "descriptionID": "fc4b7215",
+ "cloudProvider": "common",
 "cwe": "250"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_allow_privilege_escalation/metadata.json b/assets/queries/k8s/rbac_roles_allow_privilege_escalation/metadata.json
index 6c1bb5df559..172f33a0efb 100644
--- a/assets/queries/k8s/rbac_roles_allow_privilege_escalation/metadata.json
+++ b/assets/queries/k8s/rbac_roles_allow_privilege_escalation/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/#restrictions-on-role-binding-creation-or-update",
 "platform": "Kubernetes",
 "descriptionID": "8320826e",
+ "cloudProvider": "common",
 "cwe": "288"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_attach_permission/metadata.json b/assets/queries/k8s/rbac_roles_with_attach_permission/metadata.json
index 1f2bcf147b3..0821253e286 100644
--- a/assets/queries/k8s/rbac_roles_with_attach_permission/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_attach_permission/metadata.json
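Review bot: In `rbac_roles_allow_privilege_escalation/metadata.json` the record is tagged `"cwe": "288"` (Authentication Bypass Using an Alternate Path or Channel), which names an authentication flaw, while the query name and its `descriptionUrl` anchor (`#restrictions-on-role-binding-creation-or-update`) are about RBAC privilege escalation. The other escalation queries in this patch, `permissive_access_to_create_pods`, `privilege_escalation_allowed` and `psp_allows_privilege_escalation`, all carry `"269"`. The `cwe` line is unchanged context in this hunk, so this is a follow-up rather than a fault of the added line; I would set `"cwe": "269"` so that CWE-based triage and reporting treat these findings as one class.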
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "d45330fd",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_exec_permission/metadata.json b/assets/queries/k8s/rbac_roles_with_exec_permission/metadata.json
index 6938271ee9c..d430b3b0a6e 100644
--- a/assets/queries/k8s/rbac_roles_with_exec_permission/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_exec_permission/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "c589f42c",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_impersonate_permission/metadata.json b/assets/queries/k8s/rbac_roles_with_impersonate_permission/metadata.json
index 1db35ee2b8c..cbb2bccb620 100644
--- a/assets/queries/k8s/rbac_roles_with_impersonate_permission/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_impersonate_permission/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation",
 "platform": "Kubernetes",
 "descriptionID": "9f85c3f6",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_portforwarding_permissions/metadata.json b/assets/queries/k8s/rbac_roles_with_portforwarding_permissions/metadata.json
index eef15e9487b..26066ddb2d2 100644
--- a/assets/queries/k8s/rbac_roles_with_portforwarding_permissions/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_portforwarding_permissions/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "38fa11ef",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_roles_with_read_secrets_permissions/metadata.json b/assets/queries/k8s/rbac_roles_with_read_secrets_permissions/metadata.json
index c1ff7129cd9..1056d223920 100644
--- a/assets/queries/k8s/rbac_roles_with_read_secrets_permissions/metadata.json
+++ b/assets/queries/k8s/rbac_roles_with_read_secrets_permissions/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "ca97f029",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rbac_wildcard_in_rule/metadata.json b/assets/queries/k8s/rbac_wildcard_in_rule/metadata.json
index f83fb016f32..6f4e296a415 100644
--- a/assets/queries/k8s/rbac_wildcard_in_rule/metadata.json
+++ b/assets/queries/k8s/rbac_wildcard_in_rule/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "ccf4e279",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/readiness_probe_is_not_configured/metadata.json b/assets/queries/k8s/readiness_probe_is_not_configured/metadata.json
index 13081fe78b3..607c56c2884 100644
--- a/assets/queries/k8s/readiness_probe_is_not_configured/metadata.json
+++ b/assets/queries/k8s/readiness_probe_is_not_configured/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes",
 "platform": "Kubernetes",
 "descriptionID": "28c0498a",
+ "cloudProvider": "common",
 "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/request_timeout_not_properly_set/metadata.json b/assets/queries/k8s/request_timeout_not_properly_set/metadata.json
index 031898d5d35..116cb647568 100644
--- a/assets/queries/k8s/request_timeout_not_properly_set/metadata.json
+++ b/assets/queries/k8s/request_timeout_not_properly_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "592c7cba",
+ "cloudProvider": "common",
 "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/role_binding_to_default_service_account/metadata.json b/assets/queries/k8s/role_binding_to_default_service_account/metadata.json
index 26f78a9eec4..6f110612750 100644
--- a/assets/queries/k8s/role_binding_to_default_service_account/metadata.json
+++ b/assets/queries/k8s/role_binding_to_default_service_account/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/",
 "platform": "Kubernetes",
 "descriptionID": "9879e8c2",
+ "cloudProvider": "common",
 "cwe": "665",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/root_ca_file_not_defined/metadata.json b/assets/queries/k8s/root_ca_file_not_defined/metadata.json
index 843d13f1d37..a3b4f91e85f 100644
--- a/assets/queries/k8s/root_ca_file_not_defined/metadata.json
+++ b/assets/queries/k8s/root_ca_file_not_defined/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/",
 "platform": "Kubernetes",
 "descriptionID": "7d439960",
+ "cloudProvider": "common",
 "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/root_container_not_mounted_as_read_only/metadata.json b/assets/queries/k8s/root_container_not_mounted_as_read_only/metadata.json
index a4e1bae45b9..bd2c468128c 100644
--- a/assets/queries/k8s/root_container_not_mounted_as_read_only/metadata.json
+++ b/assets/queries/k8s/root_container_not_mounted_as_read_only/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 "platform": "Kubernetes",
 "descriptionID": "0d2df1e5",
+ "cloudProvider": "common",
 "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/root_containers_admitted/metadata.json b/assets/queries/k8s/root_containers_admitted/metadata.json
index 6ee442afb68..f446f6d280a 100644
--- a/assets/queries/k8s/root_containers_admitted/metadata.json
+++ b/assets/queries/k8s/root_containers_admitted/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "2fe54446",
+ "cloudProvider": "common",
 "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/rotate_kubelet_server_certificate_not_active/metadata.json b/assets/queries/k8s/rotate_kubelet_server_certificate_not_active/metadata.json
index 563c33bae94..d8878a35394 100644
--- a/assets/queries/k8s/rotate_kubelet_server_certificate_not_active/metadata.json
+++ b/assets/queries/k8s/rotate_kubelet_server_certificate_not_active/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "a4f48785",
+ "cloudProvider": "common",
 "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/seccomp_profile_is_not_configured/metadata.json b/assets/queries/k8s/seccomp_profile_is_not_configured/metadata.json
index 91871af9f4b..d8bc8ddc364 100644
--- a/assets/queries/k8s/seccomp_profile_is_not_configured/metadata.json
+++ b/assets/queries/k8s/seccomp_profile_is_not_configured/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tutorials/security/seccomp/#create-pod-that-uses-the-container-runtime-default-seccomp-profile",
 "platform": "Kubernetes",
 "descriptionID": "d943c7e7",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/secrets_as_environment_variables/metadata.json b/assets/queries/k8s/secrets_as_environment_variables/metadata.json
index 05b6c4736f1..3ff72331892 100644
--- a/assets/queries/k8s/secrets_as_environment_variables/metadata.json
+++ b/assets/queries/k8s/secrets_as_environment_variables/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables",
 "platform": "Kubernetes",
 "descriptionID": "99365a7d",
+ "cloudProvider": "common",
 "cwe": "526"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/secure_port_set_to_zero/metadata.json b/assets/queries/k8s/secure_port_set_to_zero/metadata.json
index f90a251bece..8afc932acc5 100644
--- a/assets/queries/k8s/secure_port_set_to_zero/metadata.json
+++ b/assets/queries/k8s/secure_port_set_to_zero/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "adf24d20",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/security_context_deny_admission_control_plugin_not_set/metadata.json b/assets/queries/k8s/security_context_deny_admission_control_plugin_not_set/metadata.json
index 51b67b3b9b5..fb3012b9f29 100644
--- a/assets/queries/k8s/security_context_deny_admission_control_plugin_not_set/metadata.json
+++ b/assets/queries/k8s/security_context_deny_admission_control_plugin_not_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "571f15ee",
+ "cloudProvider": "common",
 "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_account_admission_control_plugin_disabled/metadata.json b/assets/queries/k8s/service_account_admission_control_plugin_disabled/metadata.json
index 014a446f8d5..aae6de96461 100644
--- a/assets/queries/k8s/service_account_admission_control_plugin_disabled/metadata.json
+++ b/assets/queries/k8s/service_account_admission_control_plugin_disabled/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "3649a726",
+ "cloudProvider": "common",
 "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_account_allows_access_secrets/metadata.json b/assets/queries/k8s/service_account_allows_access_secrets/metadata.json
index 81200f05fb1..3c72a6985ab 100644
--- a/assets/queries/k8s/service_account_allows_access_secrets/metadata.json
+++ b/assets/queries/k8s/service_account_allows_access_secrets/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
 "platform": "Kubernetes",
 "descriptionID": "79619280",
+ "cloudProvider": "common",
 "cwe": "522"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_account_key_file_not_properly_set/metadata.json b/assets/queries/k8s/service_account_key_file_not_properly_set/metadata.json
index 7f37238ed3d..7cd28d70896 100644
--- a/assets/queries/k8s/service_account_key_file_not_properly_set/metadata.json
+++ b/assets/queries/k8s/service_account_key_file_not_properly_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "2f3224e8",
+ "cloudProvider": "common",
 "cwe": "522"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_account_lookup_set_to_false/metadata.json b/assets/queries/k8s/service_account_lookup_set_to_false/metadata.json
index 244be7b7195..5d644e47f8b 100644
--- a/assets/queries/k8s/service_account_lookup_set_to_false/metadata.json
+++ b/assets/queries/k8s/service_account_lookup_set_to_false/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "c957c855",
+ "cloudProvider": "common",
 "cwe": "287"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_account_name_undefined_or_empty/metadata.json b/assets/queries/k8s/service_account_name_undefined_or_empty/metadata.json
index 39d6560a208..4146452644b 100644
--- a/assets/queries/k8s/service_account_name_undefined_or_empty/metadata.json
+++ b/assets/queries/k8s/service_account_name_undefined_or_empty/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/",
 "platform": "Kubernetes",
 "descriptionID": "2940f843",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_account_private_key_file_not_defined/metadata.json b/assets/queries/k8s/service_account_private_key_file_not_defined/metadata.json
index 53933f61569..52340785f33 100644
--- a/assets/queries/k8s/service_account_private_key_file_not_defined/metadata.json
+++ b/assets/queries/k8s/service_account_private_key_file_not_defined/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/",
 "platform": "Kubernetes",
 "descriptionID": "b2fc61b4",
+ "cloudProvider": "common",
 "cwe": "286",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_account_token_automount_not_disabled/metadata.json b/assets/queries/k8s/service_account_token_automount_not_disabled/metadata.json
index 31237b290f7..72ce24617a2 100644
--- a/assets/queries/k8s/service_account_token_automount_not_disabled/metadata.json
+++ b/assets/queries/k8s/service_account_token_automount_not_disabled/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server",
 "platform": "Kubernetes",
 "descriptionID": "51cade0f",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_does_not_target_pod/metadata.json b/assets/queries/k8s/service_does_not_target_pod/metadata.json
index 12fedfbfc25..1e2dcbcb654 100644
--- a/assets/queries/k8s/service_does_not_target_pod/metadata.json
+++ b/assets/queries/k8s/service_does_not_target_pod/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/service/",
 "platform": "Kubernetes",
 "descriptionID": "e7c26645",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_type_is_nodeport/metadata.json b/assets/queries/k8s/service_type_is_nodeport/metadata.json
index 11584149a50..26a4305c4a9 100644
--- a/assets/queries/k8s/service_type_is_nodeport/metadata.json
+++ b/assets/queries/k8s/service_type_is_nodeport/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/service/",
 "platform": "Kubernetes",
 "descriptionID": "4744714e",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/service_with_external_load_balancer/metadata.json b/assets/queries/k8s/service_with_external_load_balancer/metadata.json
index 5446ceef10e..48370bd5afa 100644
--- a/assets/queries/k8s/service_with_external_load_balancer/metadata.json
+++ b/assets/queries/k8s/service_with_external_load_balancer/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/",
 "platform": "Kubernetes",
 "descriptionID": "2e090344",
+ "cloudProvider": "common",
 "cwe": "552"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/shared_host_ipc_namespace/metadata.json b/assets/queries/k8s/shared_host_ipc_namespace/metadata.json
index a11d4bb884a..4e887194682 100644
--- a/assets/queries/k8s/shared_host_ipc_namespace/metadata.json
+++ b/assets/queries/k8s/shared_host_ipc_namespace/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "1ef1fe71",
+ "cloudProvider": "common",
 "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/shared_host_network_namespace/metadata.json b/assets/queries/k8s/shared_host_network_namespace/metadata.json
index b4aa803a8d4..ecc69500b9a 100644
--- a/assets/queries/k8s/shared_host_network_namespace/metadata.json
+++ b/assets/queries/k8s/shared_host_network_namespace/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "50e5de80",
+ "cloudProvider": "common",
 "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/shared_host_pid_namespace/metadata.json b/assets/queries/k8s/shared_host_pid_namespace/metadata.json
index 137993710a3..900ad997a68 100644
--- a/assets/queries/k8s/shared_host_pid_namespace/metadata.json
+++ b/assets/queries/k8s/shared_host_pid_namespace/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "c34092eb",
+ "cloudProvider": "common",
 "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/shared_service_account/metadata.json b/assets/queries/k8s/shared_service_account/metadata.json
index 72dafa081c7..edb6196451a 100644
--- a/assets/queries/k8s/shared_service_account/metadata.json
+++ b/assets/queries/k8s/shared_service_account/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/",
 "platform": "Kubernetes",
 "descriptionID": "f1c94544",
+ "cloudProvider": "common",
 "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/statefulset_has_no_pod_anti_affinity/metadata.json b/assets/queries/k8s/statefulset_has_no_pod_anti_affinity/metadata.json
index 06dc2055f08..d1146d5bf33 100644
--- a/assets/queries/k8s/statefulset_has_no_pod_anti_affinity/metadata.json
+++ b/assets/queries/k8s/statefulset_has_no_pod_anti_affinity/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/",
 "platform": "Kubernetes",
 "descriptionID": "f0d30dd9",
+ "cloudProvider": "common",
 "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/statefulset_requests_storage/metadata.json b/assets/queries/k8s/statefulset_requests_storage/metadata.json
index 71a3de12c1e..9d908b11de5 100644
--- a/assets/queries/k8s/statefulset_requests_storage/metadata.json
+++ b/assets/queries/k8s/statefulset_requests_storage/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/",
 "platform": "Kubernetes",
 "descriptionID": "6210afe6",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/statefulset_without_pod_disruption_budget/metadata.json b/assets/queries/k8s/statefulset_without_pod_disruption_budget/metadata.json
index e3b103cea04..4c0406c3265 100644
--- a/assets/queries/k8s/statefulset_without_pod_disruption_budget/metadata.json
+++ b/assets/queries/k8s/statefulset_without_pod_disruption_budget/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/run-application/configure-pdb/",
 "platform": "Kubernetes",
 "descriptionID": "f3c77130",
+ "cloudProvider": "common",
 "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/statefulset_without_service_name/metadata.json b/assets/queries/k8s/statefulset_without_service_name/metadata.json
index 9d5bed7296e..9abf79b01c4 100644
--- a/assets/queries/k8s/statefulset_without_service_name/metadata.json
+++ b/assets/queries/k8s/statefulset_without_service_name/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/",
 "platform": "Kubernetes",
 "descriptionID": "2ce554f2",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/terminated_pod_garbage_collector_threshold_not_properly_set/metadata.json b/assets/queries/k8s/terminated_pod_garbage_collector_threshold_not_properly_set/metadata.json
index 2f87462c4bb..3a76f03351a 100644
--- a/assets/queries/k8s/terminated_pod_garbage_collector_threshold_not_properly_set/metadata.json
+++ b/assets/queries/k8s/terminated_pod_garbage_collector_threshold_not_properly_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/",
 "platform": "Kubernetes",
 "descriptionID": "19ea96ee",
+ "cloudProvider": "common",
 "cwe": "460"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/tiller_deployment_is_accessible_from_within_the_cluster/metadata.json b/assets/queries/k8s/tiller_deployment_is_accessible_from_within_the_cluster/metadata.json
index d9d7ac50b19..25f6b812710 100644
--- a/assets/queries/k8s/tiller_deployment_is_accessible_from_within_the_cluster/metadata.json
+++ b/assets/queries/k8s/tiller_deployment_is_accessible_from_within_the_cluster/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/",
 "platform": "Kubernetes",
 "descriptionID": "615614b8",
+ "cloudProvider": "common",
 "cwe": "286"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/tiller_is_deployed/metadata.json b/assets/queries/k8s/tiller_is_deployed/metadata.json
index 0d191f342c8..e2c78415f46 100644
--- a/assets/queries/k8s/tiller_is_deployed/metadata.json
+++ b/assets/queries/k8s/tiller_is_deployed/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/containers/images/",
 "platform": "Kubernetes",
 "descriptionID": "b0a009b5",
+ "cloudProvider": "common",
 "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/tiller_service_is_not_deleted/metadata.json b/assets/queries/k8s/tiller_service_is_not_deleted/metadata.json
index cc83af69875..88063d28c2d 100644
--- a/assets/queries/k8s/tiller_service_is_not_deleted/metadata.json
+++ b/assets/queries/k8s/tiller_service_is_not_deleted/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/service",
 "platform": "Kubernetes",
 "descriptionID": "4e704117",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/tls_connection_certificate_not_setup/metadata.json b/assets/queries/k8s/tls_connection_certificate_not_setup/metadata.json
index 0af6d922ed6..1a318434ca7 100644
--- a/assets/queries/k8s/tls_connection_certificate_not_setup/metadata.json
+++ b/assets/queries/k8s/tls_connection_certificate_not_setup/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/",
 "platform": "Kubernetes",
 "descriptionID": "c8b75f30",
+ "cloudProvider": "common",
 "cwe": "295",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/token_auth_file_is_set/metadata.json b/assets/queries/k8s/token_auth_file_is_set/metadata.json
index 92f34c88db7..b4526b5c871 100644
--- a/assets/queries/k8s/token_auth_file_is_set/metadata.json
+++ b/assets/queries/k8s/token_auth_file_is_set/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/",
 "platform": "Kubernetes",
 "descriptionID": "5aa79e60",
+ "cloudProvider": "common",
 "cwe": "285"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/use_service_account_credentials_not_set_to_true/metadata.json b/assets/queries/k8s/use_service_account_credentials_not_set_to_true/metadata.json
index d762d355cb8..e1198bf2165 100644
--- a/assets/queries/k8s/use_service_account_credentials_not_set_to_true/metadata.json
+++ b/assets/queries/k8s/use_service_account_credentials_not_set_to_true/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/",
 "platform": "Kubernetes",
 "descriptionID": "f6b4d617",
+ "cloudProvider": "common",
 "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/using_kubernetes_native_secret_management/metadata.json b/assets/queries/k8s/using_kubernetes_native_secret_management/metadata.json
index e90522f5574..f47c35aad00 100644
--- a/assets/queries/k8s/using_kubernetes_native_secret_management/metadata.json
+++ b/assets/queries/k8s/using_kubernetes_native_secret_management/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/secret/",
 "platform": "Kubernetes",
 "descriptionID": "3d7b569c",
+ "cloudProvider": "common",
 "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/using_unrecommended_namespace/metadata.json b/assets/queries/k8s/using_unrecommended_namespace/metadata.json
index 30dfa26fc7d..6c356ef0cf3 100644
--- a/assets/queries/k8s/using_unrecommended_namespace/metadata.json
+++ b/assets/queries/k8s/using_unrecommended_namespace/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/",
 "platform": "Kubernetes",
 "descriptionID": "29549ea9",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/metadata.json b/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/metadata.json
index 20ec36d7636..123ece67e7e 100644
--- a/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/metadata.json
+++ b/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/storage/volumes/",
 "platform": "Kubernetes",
 "descriptionID": "e42b7901",
+ "cloudProvider": "common",
 "cwe": "284",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/weak_tls_cipher_suites/metadata.json b/assets/queries/k8s/weak_tls_cipher_suites/metadata.json
index 9b34c859187..56540b627ff 100644
--- a/assets/queries/k8s/weak_tls_cipher_suites/metadata.json
+++ b/assets/queries/k8s/weak_tls_cipher_suites/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/",
 "platform": "Kubernetes",
 "descriptionID": "cbb6cab8",
+ "cloudProvider": "common",
 "cwe": "326"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/workload_host_port_not_specified/metadata.json b/assets/queries/k8s/workload_host_port_not_specified/metadata.json
index 770f1c448b9..7eaef119ea4 100644
--- a/assets/queries/k8s/workload_host_port_not_specified/metadata.json
+++ b/assets/queries/k8s/workload_host_port_not_specified/metadata.json
@@ -7,5 +7,6 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#exposing-the-service",
 "platform": "Kubernetes",
 "descriptionID": "dba41ddb",
+ "cloudProvider": "common",
 "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/metadata.json b/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/metadata.json
index adbf37ce81f..50a7d395bed 100644
--- a/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/metadata.json
+++ b/assets/queries/k8s/workload_mounting_with_sensitive_os_directory/metadata.json
@@ -7,6 +7,7 @@
 "descriptionUrl": "https://kubernetes.io/docs/concepts/policy/pod-security-policy/",
 "platform": "Kubernetes",
 "descriptionID": "73339cde",
+ "cloudProvider": "common",
 "cwe": "200",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
From 2d45cd28e524ed10c49a0d4873fc53e11aeef91c Mon Sep 17 00:00:00 2001
From: Artur Ribeiro Date: Tue, 2 Jul 2024 15:35:43 +0100 Subject: [PATCH 07/10] add cwe infos to all cloudFormation queries --- .../aws/access_key_not_rotated_within_90_days/metadata.json | 2 +- .../aws/alb_is_not_integrated_with_waf/metadata.json | 2 +- .../cloudFormation/aws/alb_listening_on_http/metadata.json | 2 +- .../alexa_skill_plaintext_client_secret_exposed/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/amazon_mq_broker_encryption_disabled/metadata.json | 2 +- .../aws/amplify_app_access_token_exposed/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/amplify_app_oauth_token_exposed/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/api_gateway_access_logging_disabled/metadata.json | 2 +- .../aws/api_gateway_cache_cluster_disabled/metadata.json | 2 +- .../aws/api_gateway_cache_encrypted_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../api_gateway_endpoint_config_is_not_private/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../aws/api_gateway_with_invalid_compression/metadata.json | 2 +- .../aws/api_gateway_with_open_access/metadata.json | 2 +- .../api_gateway_without_configured_authorizer/metadata.json | 2 +- .../aws/api_gateway_without_security_policy/metadata.json | 2 +- .../aws/api_gateway_without_ssl_certificate/metadata.json | 2 +- .../cloudFormation/aws/api_gateway_without_waf/metadata.json | 2 +- .../aws/api_gateway_xray_disabled/metadata.json | 2 +- .../auto_scaling_group_with_no_associated_elb/metadata.json | 2 +- .../aws/automatic_minor_upgrades_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/cdn_configuration_is_missing/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/cloudfront_logging_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../cloudfront_without_minimum_protocol_tls_1.2/metadata.json | 2 +- .../cloudFormation/aws/cloudfront_without_waf/metadata.json | 2 +- .../aws/cloudtrail_log_file_validation_disabled/metadata.json | 2 +- 
.../cloudtrail_log_files_not_encrypted_with_kms/metadata.json | 2 +- .../aws/cloudtrail_logging_disabled/metadata.json | 2 +- .../aws/cloudtrail_multi_region_disabled/metadata.json | 2 +- .../cloudtrail_not_integrated_with_cloudwatch/metadata.json | 2 +- .../aws/cloudtrail_sns_topic_name_undefined/metadata.json | 2 +- .../aws/cloudwatch_logging_disabled/metadata.json | 2 +- .../aws/cloudwatch_metrics_disabled/metadata.json | 2 +- .../queries/cloudFormation/aws/cmk_is_unusable/metadata.json | 2 +- .../cloudFormation/aws/cmk_rotation_disabled/metadata.json | 2 +- .../cloudFormation/aws/cmk_unencrypted_storage/metadata.json | 2 +- .../cloudFormation/aws/codebuild_not_encrypted/metadata.json | 2 +- .../aws/cognito_userpool_without_mfa/metadata.json | 2 +- .../metadata.json | 2 +- .../config_rule_for_encryption_volumes_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../aws/db_security_group_open_to_large_scope/metadata.json | 2 +- .../aws/db_security_group_with_public_scope/metadata.json | 2 +- .../cloudFormation/aws/default_kms_key_usage/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../aws/dms_endpoint_password_exposed/metadata.json | 2 +- .../docdb_cluster_master_password_in_plaintext/metadata.json | 2 +- .../cloudFormation/aws/docdb_logging_disabled/metadata.json | 2 +- .../aws/dynamodb_table_not_encrypted/metadata.json | 2 +- .../metadata.json | 3 ++- .../aws/dynamodb_with_aws_owned_cmk/metadata.json | 2 +- .../metadata.json | 2 +- .../test/positive_expected_result.json | 4 ++-- .../aws/ebs_volume_encryption_disabled/metadata.json | 2 +- .../aws/ebs_volume_not_attached_to_instances/metadata.json | 2 +- .../aws/ebs_volume_without_kms_key_id/metadata.json | 2 +- .../aws/ec2_instance_has_no_iam_role/metadata.json | 2 +- .../aws/ec2_instance_monitoring_disabled/metadata.json | 2 +- .../metadata.json | 2 +- 
.../ec2_instance_using_default_security_group/metadata.json | 2 +- .../aws/ec2_instance_using_default_vpc/metadata.json | 2 +- .../aws/ec2_network_acl_duplicate_rule/metadata.json | 2 +- .../ec2_network_acl_ineffective_denied_traffic/metadata.json | 2 +- .../aws/ec2_network_acl_overlapping_ports/metadata.json | 2 +- .../cloudFormation/aws/ec2_not_ebs_optimized/metadata.json | 2 +- .../aws/ec2_permissive_network_acl_protocols/metadata.json | 2 +- .../ec2_public_instance_exposed_through_subnet/metadata.json | 2 +- .../aws/ec2_sensitive_port_is_publicly_exposed/metadata.json | 2 +- .../aws/ecr_image_tag_not_immutable/metadata.json | 2 +- .../aws/ecr_repository_is_publicly_accessible/metadata.json | 2 +- .../aws/ecs_cluster_container_insights_disabled/metadata.json | 3 ++- .../aws/ecs_cluster_not_encrypted_at_rest/metadata.json | 2 +- .../aws/ecs_no_load_balancer_attached/metadata.json | 2 +- .../aws/ecs_service_admin_role_is_present/metadata.json | 2 +- .../aws/ecs_service_without_running_tasks/metadata.json | 2 +- .../aws/ecs_task_definition_healthcheck_missing/metadata.json | 2 +- .../ecs_task_definition_invalid_cpu_or_memory/metadata.json | 4 ++-- .../metadata.json | 2 +- .../cloudFormation/aws/efs_not_encrypted/metadata.json | 2 +- .../efs_volume_with_disabled_transit_encryption/metadata.json | 2 +- .../queries/cloudFormation/aws/efs_without_kms/metadata.json | 2 +- .../queries/cloudFormation/aws/efs_without_tags/metadata.json | 2 +- .../aws/eks_node_group_remote_access/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/elasticache_using_default_port/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../cloudFormation/aws/elasticache_without_vpc/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/elasticsearch_logs_disabled/metadata.json | 2 +- .../aws/elasticsearch_not_encrypted_at_rest/metadata.json | 2 +- .../aws/elasticsearch_with_https_disabled/metadata.json | 2 +- .../elasticsearch_without_iam_authentication/metadata.json | 2 +- 
.../aws/elasticsearch_without_slow_logs/metadata.json | 2 +- .../cloudFormation/aws/elb_access_log_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/elb_using_insecure_protocols/metadata.json | 2 +- .../cloudFormation/aws/elb_using_weak_ciphers/metadata.json | 2 +- .../aws/elb_v2_alb_access_log_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../aws/elb_without_secure_protocol/metadata.json | 2 +- .../metadata.json | 2 +- .../emr_cluster_without_security_configuration/metadata.json | 2 +- .../metadata.json | 2 +- .../queries/cloudFormation/aws/emr_wihout_vpc/metadata.json | 2 +- .../cloudFormation/aws/fully_open_ingress/metadata.json | 2 +- .../metadata.json | 2 +- .../cloudFormation/aws/geo_restriction_disabled/metadata.json | 2 +- .../aws/github_repository_set_to_public/metadata.json | 2 +- .../aws/guardduty_detector_disabled/metadata.json | 2 +- .../aws/hardcoded_aws_access_key_in_lambda/metadata.json | 2 +- .../queries/cloudFormation/aws/http_port_open/metadata.json | 2 +- .../aws/iam_access_analyzer_not_enabled/metadata.json | 2 +- .../aws/iam_database_auth_not_enabled/metadata.json | 2 +- .../cloudFormation/aws/iam_group_without_users/metadata.json | 2 +- .../aws/iam_groups_inline_policies/metadata.json | 2 +- .../aws/iam_managed_policy_applied_to_a_user/metadata.json | 2 +- .../aws/iam_password_without_minimum_length/metadata.json | 2 +- .../aws/iam_policies_attached_to_user/metadata.json | 2 +- .../aws/iam_policies_with_full_privileges/metadata.json | 2 +- .../aws/iam_policies_without_groups/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/iam_policy_grants_full_permissions/metadata.json | 2 +- .../cloudFormation/aws/iam_policy_on_user/metadata.json | 2 +- .../iam_role_allows_all_principals_to_assume/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/iam_user_too_many_access_keys/metadata.json | 2 +- .../cloudFormation/aws/iam_user_with_no_group/metadata.json | 2 +- 
.../inline_policies_are_attached_to_ecs_service/metadata.json | 2 +- .../cloudFormation/aws/instance_with_no_vpc/metadata.json | 2 +- .../aws/iot_policy_allows_action_as_wildcard/metadata.json | 2 +- .../aws/iot_policy_allows_wildcard_resource/metadata.json | 2 +- .../aws/kinesis_sse_not_configured/metadata.json | 2 +- .../aws/kms_allows_wildcard_principal/metadata.json | 2 +- .../aws/kms_enable_key_rotation_disabled/metadata.json | 2 +- .../aws/kms_key_with_full_permissions/metadata.json | 2 +- .../lambda_function_without_dead_letter_queue/metadata.json | 2 +- .../aws/lambda_function_without_tags/metadata.json | 2 +- .../aws/lambda_functions_with_full_privileges/metadata.json | 2 +- .../lambda_functions_without_unique_iam_roles/metadata.json | 2 +- .../aws/lambda_functions_without_x-ray_tracing/metadata.json | 2 +- .../aws/lambda_permission_misconfigured/metadata.json | 2 +- .../aws/lambda_permission_principal_is_wildcard/metadata.json | 2 +- .../aws/low_rds_backup_retention_period/metadata.json | 2 +- .../aws/mq_broker_is_publicly_accessible/metadata.json | 2 +- .../aws/mq_broker_logging_disabled/metadata.json | 2 +- .../aws/msk_broker_is_publicly_accessible/metadata.json | 2 +- .../aws/msk_cluster_encryption_disabled/metadata.json | 2 +- .../aws/msk_cluster_logging_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../aws/public_lambda_via_api_gateway/metadata.json | 2 +- .../aws/rds_associated_with_public_subnet/metadata.json | 2 +- .../aws/rds_db_instance_publicly_accessible/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/rds_multi_az_deployment_disabled/metadata.json | 2 +- .../aws/rds_storage_encryption_disabled/metadata.json | 2 +- .../aws/rds_storage_not_encrypted/metadata.json | 2 +- .../cloudFormation/aws/rds_using_default_port/metadata.json | 2 +- .../cloudFormation/aws/rds_with_backup_disabled/metadata.json | 2 +- .../aws/redshift_cluster_logging_disabled/metadata.json | 2 +- 
.../aws/redshift_cluster_without_kms_cmk/metadata.json | 2 +- .../cloudFormation/aws/redshift_not_encrypted/metadata.json | 2 +- .../aws/redshift_publicly_accessible/metadata.json | 2 +- .../aws/redshift_using_default_port/metadata.json | 2 +- .../cloudFormation/aws/refresh_token_is_exposed/metadata.json | 2 +- .../aws/remote_desktop_port_open_to_internet/metadata.json | 2 +- .../aws/root_account_has_active_access_keys/metadata.json | 2 +- .../cloudFormation/aws/route53_record_undefined/metadata.json | 2 +- .../aws/routertable_with_default_routing/metadata.json | 2 +- .../aws/s3_bucket_access_to_any_principal/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/s3_bucket_acl_allows_read_to_all_users/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../aws/s3_bucket_allows_public_acl/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../aws/s3_bucket_cloudtrail_logging_disabled/metadata.json | 2 +- .../aws/s3_bucket_logging_disabled/metadata.json | 2 +- .../aws/s3_bucket_should_have_bucket_policy/metadata.json | 2 +- .../aws/s3_bucket_with_all_permissions/metadata.json | 2 +- .../aws/s3_bucket_with_public_policy/metadata.json | 2 +- .../aws/s3_bucket_with_unsecured_cors_rule/metadata.json | 2 +- .../aws/s3_bucket_without_ignore_public_acl/metadata.json | 2 +- .../metadata.json | 2 +- .../s3_bucket_without_server_side_encryption/metadata.json | 2 +- .../aws/s3_bucket_without_ssl_in_write_actions/metadata.json | 2 +- .../aws/s3_bucket_without_versioning/metadata.json | 2 +- .../aws/s3_static_website_host_enabled/metadata.json | 2 +- .../aws/sagemaker_data_encryption_disabled/metadata.json | 2 +- .../aws/sagemaker_enabling_internet_access/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/sagemaker_notebook_not_placed_in_vpc/metadata.json | 2 +- .../aws/sdb_domain_declared_as_a_resource/metadata.json | 2 +- .../secrets_manager_should_specify_kms_key_id/metadata.json | 2 +- 
.../cloudFormation/aws/secure_ciphers_disabled/metadata.json | 2 +- .../security_group_egress_cidr_open_to_world/metadata.json | 2 +- .../security_group_egress_with_all_protocols/metadata.json | 2 +- .../aws/security_group_egress_with_port_range/metadata.json | 2 +- .../metadata.json | 2 +- .../security_group_ingress_with_all_protocols/metadata.json | 2 +- .../aws/security_group_ingress_with_port_range/metadata.json | 2 +- .../aws/security_group_rule_without_description/metadata.json | 2 +- .../metadata.json | 2 +- .../security_groups_unrestricted_access_to_rdp/metadata.json | 2 +- .../security_groups_with_exhibited_admin_ports/metadata.json | 2 +- .../aws/security_groups_with_meta_ip/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/security_groups_without_vpc_attached/metadata.json | 2 +- .../aws/shield_advanced_not_in_use/metadata.json | 2 +- .../aws/sns_topic_is_publicly_accessible/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/sns_topic_without_kms_master_key_id/metadata.json | 2 +- .../aws/sqs_policy_with_public_access/metadata.json | 2 +- .../cloudFormation/aws/sqs_with_sse_disabled/metadata.json | 2 +- .../aws/stack_notifications_disabled/metadata.json | 2 +- .../cloudFormation/aws/stack_retention_disabled/metadata.json | 2 +- .../aws/support_has_no_role_associated/metadata.json | 2 +- .../metadata.json | 2 +- .../aws/unknown_port_exposed_to_internet/metadata.json | 2 +- .../aws/unrestricted_security_group_ingress/metadata.json | 2 +- .../cloudFormation/aws/unscanned_ecr_image/metadata.json | 2 +- .../aws/user_data_contains_encoded_private_key/metadata.json | 2 +- .../user_iam_missing_password_reset_required/metadata.json | 2 +- .../aws/vpc_attached_with_too_many_gateways/metadata.json | 2 +- .../cloudFormation/aws/vpc_flowlogs_disabled/metadata.json | 2 +- .../aws/vpc_without_attached_subnet/metadata.json | 2 +- .../aws/vpc_without_network_firewall/metadata.json | 2 +- .../aws/vulnerable_default_ssl_certificate/metadata.json | 2 +- 
.../aws/webacl_allow_defaultaction/metadata.json | 2 +- .../aws/wildcard_in_acm_certificate_domain_name/metadata.json | 2 +- .../aws/workspace_without_encryption/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/cassandra/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/dynamo/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/ebs/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/efs/metadata.json | 2 +- .../queries/cloudFormation/aws_bom/elasticache/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/kinesis/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/mq/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/msk/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/rds/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/s3_bucket/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/sns/metadata.json | 2 +- assets/queries/cloudFormation/aws_bom/sqs/metadata.json | 2 +- .../metadata.json | 2 +- .../serverless_api_cache_cluster_disabled/metadata.json | 2 +- .../serverless_api_endpoint_config_not_private/metadata.json | 2 +- .../serverless_api_without_content_encoding/metadata.json | 2 +- .../serverless_api_xray_tracing_disabled/metadata.json | 2 +- .../metadata.json | 2 +- .../metadata.json | 2 +- .../aws_sam/serverless_function_without_tags/metadata.json | 2 +- .../serverless_function_without_unique_iam_role/metadata.json | 2 +- .../serverless_function_without_x-ray_tracing/metadata.json | 2 +- 271 files changed, 275 insertions(+), 273 deletions(-) diff --git a/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json b/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json index a80a67ffe7d..94c51fdb33d 100644 --- a/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json +++ b/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json 
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "148d40cb",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "522"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/alb_is_not_integrated_with_waf/metadata.json b/assets/queries/cloudFormation/aws/alb_is_not_integrated_with_waf/metadata.json
index 417c0b43328..26994dc3208 100644
--- a/assets/queries/cloudFormation/aws/alb_is_not_integrated_with_waf/metadata.json
+++ b/assets/queries/cloudFormation/aws/alb_is_not_integrated_with_waf/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "2cad71a7",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/alb_listening_on_http/metadata.json b/assets/queries/cloudFormation/aws/alb_listening_on_http/metadata.json
index 498d2bbeb36..2e274009cb0 100644
--- a/assets/queries/cloudFormation/aws/alb_listening_on_http/metadata.json
+++ b/assets/queries/cloudFormation/aws/alb_listening_on_http/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "55f05412",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "319",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/alexa_skill_plaintext_client_secret_exposed/metadata.json b/assets/queries/cloudFormation/aws/alexa_skill_plaintext_client_secret_exposed/metadata.json
index 363b9276287..f5e1c48597a 100644
--- a/assets/queries/cloudFormation/aws/alexa_skill_plaintext_client_secret_exposed/metadata.json
+++ b/assets/queries/cloudFormation/aws/alexa_skill_plaintext_client_secret_exposed/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "cd21865c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "256"
 }
\ No newline at end of file
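Review bot: In the alb_is_not_integrated_with_waf hunk, `"cwe": "778"` (Insufficient Logging) does not describe a missing web application firewall, which is an absent protection layer rather than a logging gap. The same value is used for api_gateway_without_waf and cloudfront_without_waf later in this patch. CWE-693 (Protection Mechanism Failure) looks like the closer fit, i.e. `"cwe": "693"` for all three, so that findings grouped by CWE do not put WAF gaps into logging reports. The hunk shows only the tail of the metadata object, so the query's description and category should be checked before settling the id.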
diff --git a/assets/queries/cloudFormation/aws/amazon_dms_replication_instance_is_publicly_accessible/metadata.json b/assets/queries/cloudFormation/aws/amazon_dms_replication_instance_is_publicly_accessible/metadata.json
index 43a39e158d4..3771dcc43de 100644
--- a/assets/queries/cloudFormation/aws/amazon_dms_replication_instance_is_publicly_accessible/metadata.json
+++ b/assets/queries/cloudFormation/aws/amazon_dms_replication_instance_is_publicly_accessible/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "bc97aed1",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/amazon_mq_broker_encryption_disabled/metadata.json b/assets/queries/cloudFormation/aws/amazon_mq_broker_encryption_disabled/metadata.json
index 221ca1a888e..db095af5418 100644
--- a/assets/queries/cloudFormation/aws/amazon_mq_broker_encryption_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/amazon_mq_broker_encryption_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "c5d562da",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/amplify_app_access_token_exposed/metadata.json b/assets/queries/cloudFormation/aws/amplify_app_access_token_exposed/metadata.json
index ceac1065923..54c6968b364 100644
--- a/assets/queries/cloudFormation/aws/amplify_app_access_token_exposed/metadata.json
+++ b/assets/queries/cloudFormation/aws/amplify_app_access_token_exposed/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "40717425",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "798",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/amplify_app_basic_auth_config_password_exposed/metadata.json b/assets/queries/cloudFormation/aws/amplify_app_basic_auth_config_password_exposed/metadata.json
index 87615b7682d..1108136987d 100644
--- a/assets/queries/cloudFormation/aws/amplify_app_basic_auth_config_password_exposed/metadata.json
+++ b/assets/queries/cloudFormation/aws/amplify_app_basic_auth_config_password_exposed/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "20573b94",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "798",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/amplify_app_oauth_token_exposed/metadata.json b/assets/queries/cloudFormation/aws/amplify_app_oauth_token_exposed/metadata.json
index 7c42484d577..97dea205915 100644
--- a/assets/queries/cloudFormation/aws/amplify_app_oauth_token_exposed/metadata.json
+++ b/assets/queries/cloudFormation/aws/amplify_app_oauth_token_exposed/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "c9abb2c8",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "798",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/amplify_branch_basic_auth_config_password_exposed/metadata.json b/assets/queries/cloudFormation/aws/amplify_branch_basic_auth_config_password_exposed/metadata.json
index ac064db9291..d708a52f66a 100644
--- a/assets/queries/cloudFormation/aws/amplify_branch_basic_auth_config_password_exposed/metadata.json
+++ b/assets/queries/cloudFormation/aws/amplify_branch_basic_auth_config_password_exposed/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "f68a0ad6",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "256",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
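Review bot: The amplify_app_basic_auth_config_password_exposed hunk sets `"cwe": "798"` while its sibling amplify_branch_basic_auth_config_password_exposed, two hunks later, sets `"cwe": "256"` for what appears from the names to be the same weakness on a different resource. The other password-exposed queries in this patch (the directory_service, dms_endpoint and docdb ones) use 256 as well. Pick one id for the basic-auth password pair, probably `"cwe": "256"`, and confirm whether 798 is intended for the access-token and OAuth-token queries. Only the last lines of each metadata object are in the hunks, so this rests on the query names.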
diff --git a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json
index 0e6a78bd9f8..455f5a1ca0e 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "2a69fc63",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_cache_cluster_disabled/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_cache_cluster_disabled/metadata.json
index 975377a772b..b8a02c9b2da 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_cache_cluster_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_cache_cluster_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "c5c1c902",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_cache_encrypted_disabled/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_cache_encrypted_disabled/metadata.json
index e8ead2b1865..e8a18734732 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_cache_encrypted_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_cache_encrypted_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "16f89b5d",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "316"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_deployment_without_access_log_setting/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_deployment_without_access_log_setting/metadata.json
index 54ac21232fe..6920af81ce6 100644
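Review bot: In the api_gateway_cache_cluster_disabled hunk, `"cwe": "778"` (Insufficient Logging) may have been carried over from the neighbouring access-logging query; going by the query name, a disabled cache cluster is not a logging weakness. This patch uses `"cwe": "710"` for other best-practice checks such as automatic_minor_upgrades_disabled and cdn_configuration_is_missing, which would be more consistent here. The query's description is outside the hunk, so confirm against it.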
--- a/assets/queries/cloudFormation/aws/api_gateway_deployment_without_access_log_setting/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_deployment_without_access_log_setting/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "9587628c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_deployment_without_api_gateway_usage_plan_associated/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_deployment_without_api_gateway_usage_plan_associated/metadata.json
index 465aaf30345..00bc2b58e2e 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_deployment_without_api_gateway_usage_plan_associated/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_deployment_without_api_gateway_usage_plan_associated/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "8161e665",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "770"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_endpoint_config_is_not_private/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_endpoint_config_is_not_private/metadata.json
index 4515db6534a..d30bf030e05 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_endpoint_config_is_not_private/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_endpoint_config_is_not_private/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "f370d030",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_method_does_not_contains_an_api_key/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_method_does_not_contains_an_api_key/metadata.json
index b348049087e..7163dfe0f2a 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_method_does_not_contains_an_api_key/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_method_does_not_contains_an_api_key/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "43a06e88",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "285"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_stage_without_api_gateway_usage_plan_associated/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_stage_without_api_gateway_usage_plan_associated/metadata.json
index d21c5a34fea..6df0ccb83a8 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_stage_without_api_gateway_usage_plan_associated/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_stage_without_api_gateway_usage_plan_associated/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "ad012827",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "770"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_with_invalid_compression/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_with_invalid_compression/metadata.json
index 5c2c0e1a2c8..e443026b47b 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_with_invalid_compression/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_with_invalid_compression/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "de76ae0f",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_with_open_access/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_with_open_access/metadata.json
index e99012bde88..25f9ec327cd 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_with_open_access/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_with_open_access/metadata.json
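Review bot: In the api_gateway_with_invalid_compression hunk, `"cwe": "311"` (Missing Encryption of Sensitive Data) does not match what the query name describes, since compression settings do not provide confidentiality. Unless the query's description, which is outside the hunk, ties the check to encryption, a configuration-hygiene id such as the `"cwe": "710"` used elsewhere in this patch would be less misleading for anyone triaging findings by CWE.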
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "d8d6ab46",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_without_configured_authorizer/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_without_configured_authorizer/metadata.json
index 50bdf7232fa..d810e115767 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_without_configured_authorizer/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_without_configured_authorizer/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "5734fbc7",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_without_security_policy/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_without_security_policy/metadata.json
index 65ae2129b17..9d030e964ef 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_without_security_policy/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_without_security_policy/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "92418e29",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_without_ssl_certificate/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_without_ssl_certificate/metadata.json
index 41ac31ec595..a98e96e76a7 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_without_ssl_certificate/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_without_ssl_certificate/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "95c8b13a",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "295"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_without_waf/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_without_waf/metadata.json
index 403e932234d..3912939b592 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_without_waf/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_without_waf/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "774d759c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/api_gateway_xray_disabled/metadata.json b/assets/queries/cloudFormation/aws/api_gateway_xray_disabled/metadata.json
index b31a20ac0ac..ebe635b5f43 100644
--- a/assets/queries/cloudFormation/aws/api_gateway_xray_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/api_gateway_xray_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "7db1d7b0",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/auto_scaling_group_with_no_associated_elb/metadata.json b/assets/queries/cloudFormation/aws/auto_scaling_group_with_no_associated_elb/metadata.json
index 58bb765c59b..5988971e400 100644
--- a/assets/queries/cloudFormation/aws/auto_scaling_group_with_no_associated_elb/metadata.json
+++ b/assets/queries/cloudFormation/aws/auto_scaling_group_with_no_associated_elb/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "99966f58",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "400"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/automatic_minor_upgrades_disabled/metadata.json b/assets/queries/cloudFormation/aws/automatic_minor_upgrades_disabled/metadata.json
index 3bbac06ea1a..8ca3bc5661f 100644
--- a/assets/queries/cloudFormation/aws/automatic_minor_upgrades_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/automatic_minor_upgrades_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "e2908402",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "710"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/batch_job_definition_with_privileged_container_properties/metadata.json b/assets/queries/cloudFormation/aws/batch_job_definition_with_privileged_container_properties/metadata.json
index ec66a61e155..1170c81933d 100644
--- a/assets/queries/cloudFormation/aws/batch_job_definition_with_privileged_container_properties/metadata.json
+++ b/assets/queries/cloudFormation/aws/batch_job_definition_with_privileged_container_properties/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "c8983ada",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cdn_configuration_is_missing/metadata.json b/assets/queries/cloudFormation/aws/cdn_configuration_is_missing/metadata.json
index 90541a2cd6d..b613da47504 100644
--- a/assets/queries/cloudFormation/aws/cdn_configuration_is_missing/metadata.json
+++ b/assets/queries/cloudFormation/aws/cdn_configuration_is_missing/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "6a8090b9",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "710"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudformation_specifying_credentials_not_safe/metadata.json b/assets/queries/cloudFormation/aws/cloudformation_specifying_credentials_not_safe/metadata.json
index 93885b5f21c..5138614017f 100644
--- a/assets/queries/cloudFormation/aws/cloudformation_specifying_credentials_not_safe/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudformation_specifying_credentials_not_safe/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "694c6fa8",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudfront_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/cloudfront_logging_disabled/metadata.json
index 351eff1bb0d..21121cfddec 100644
--- a/assets/queries/cloudFormation/aws/cloudfront_logging_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudfront_logging_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "3254d6d0",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudfront_viewer_protocol_policy_allows_http/metadata.json b/assets/queries/cloudFormation/aws/cloudfront_viewer_protocol_policy_allows_http/metadata.json
index 7afbf7bf164..c6d03669f71 100644
--- a/assets/queries/cloudFormation/aws/cloudfront_viewer_protocol_policy_allows_http/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudfront_viewer_protocol_policy_allows_http/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "bf860aba",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "319",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/metadata.json b/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/metadata.json
index 8029e5e25f8..0e4069187c9 100644
--- a/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "e86728bc",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
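Review bot: In the cloudformation_specifying_credentials_not_safe hunk, `"cwe": "311"` classifies credentials written into a template as missing encryption, whereas the other embedded-secret queries in this patch use 256 or 798. Judging by the name, `"cwe": "522"` (Insufficiently Protected Credentials, already used for access_key_not_rotated_within_90_days) or 798 would group this finding with the rest of the credential-exposure checks. The rest of the metadata object is outside the hunk, so confirm against the query description.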
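Review bot: In the cloudfront_without_minimum_protocol_tls_1.2 hunk, `"cwe": "311"` (Missing Encryption of Sensitive Data) blurs the distinction this query draws: traffic is encrypted, but with a protocol version below TLS 1.2. CWE-326 (Inadequate Encryption Strength) describes that case, so `"cwe": "326"` would separate weak-protocol findings from the cleartext ones mapped to 319 in the neighbouring cloudfront_viewer_protocol_policy_allows_http hunk. api_gateway_without_security_policy, earlier in this patch, also gets 311 and may need the same change if it checks the TLS version.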
diff --git a/assets/queries/cloudFormation/aws/cloudfront_without_waf/metadata.json b/assets/queries/cloudFormation/aws/cloudfront_without_waf/metadata.json
index 2778366e2bb..d2ca68de56d 100644
--- a/assets/queries/cloudFormation/aws/cloudfront_without_waf/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudfront_without_waf/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "fae904ce",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudtrail_log_file_validation_disabled/metadata.json b/assets/queries/cloudFormation/aws/cloudtrail_log_file_validation_disabled/metadata.json
index 351d5e47f76..3b1631aab46 100644
--- a/assets/queries/cloudFormation/aws/cloudtrail_log_file_validation_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudtrail_log_file_validation_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "66ab1b20",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json b/assets/queries/cloudFormation/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json
index 541db243af5..8bc009624e5 100644
--- a/assets/queries/cloudFormation/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudtrail_log_files_not_encrypted_with_kms/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "cdc07a23",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudtrail_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/cloudtrail_logging_disabled/metadata.json
index 0282131c89f..e86690142e6 100644
--- a/assets/queries/cloudFormation/aws/cloudtrail_logging_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudtrail_logging_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "8cabc568",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudtrail_multi_region_disabled/metadata.json b/assets/queries/cloudFormation/aws/cloudtrail_multi_region_disabled/metadata.json
index c73af6b140c..32e229f245c 100644
--- a/assets/queries/cloudFormation/aws/cloudtrail_multi_region_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudtrail_multi_region_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "34ddc2cb",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudtrail_not_integrated_with_cloudwatch/metadata.json b/assets/queries/cloudFormation/aws/cloudtrail_not_integrated_with_cloudwatch/metadata.json
index 003c7593fb8..c75fc69e887 100644
--- a/assets/queries/cloudFormation/aws/cloudtrail_not_integrated_with_cloudwatch/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudtrail_not_integrated_with_cloudwatch/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "f43ba695",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudtrail_sns_topic_name_undefined/metadata.json b/assets/queries/cloudFormation/aws/cloudtrail_sns_topic_name_undefined/metadata.json
index cd0b6df2001..80878cdfb68 100644
--- a/assets/queries/cloudFormation/aws/cloudtrail_sns_topic_name_undefined/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudtrail_sns_topic_name_undefined/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "69327f38",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudwatch_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/cloudwatch_logging_disabled/metadata.json
index 78a30999339..8d8c8445599 100644
--- a/assets/queries/cloudFormation/aws/cloudwatch_logging_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudwatch_logging_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "617aba8a",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "779"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cloudwatch_metrics_disabled/metadata.json b/assets/queries/cloudFormation/aws/cloudwatch_metrics_disabled/metadata.json
index 158972137ac..a7a41c8cdd7 100644
--- a/assets/queries/cloudFormation/aws/cloudwatch_metrics_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/cloudwatch_metrics_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "72a550b1",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cmk_is_unusable/metadata.json b/assets/queries/cloudFormation/aws/cmk_is_unusable/metadata.json
index 1617ac66ca3..670e3bc2233 100644
--- a/assets/queries/cloudFormation/aws/cmk_is_unusable/metadata.json
+++ b/assets/queries/cloudFormation/aws/cmk_is_unusable/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "2e00cfbb",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cmk_rotation_disabled/metadata.json b/assets/queries/cloudFormation/aws/cmk_rotation_disabled/metadata.json
index 85671140049..744f8787ffd 100644
--- a/assets/queries/cloudFormation/aws/cmk_rotation_disabled/metadata.json
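Review bot: In the cloudwatch_logging_disabled hunk, `"cwe": "779"` is CWE-779, Logging of Excessive Data, which is the opposite of the condition the query name describes. Every other logging-disabled query in this patch (cloudfront, cloudtrail, docdb, API Gateway access logging) uses 778, so this is probably an off-by-one typo and should read `"cwe": "778"`.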
+++ b/assets/queries/cloudFormation/aws/cmk_rotation_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "64ffeb9f",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cmk_unencrypted_storage/metadata.json b/assets/queries/cloudFormation/aws/cmk_unencrypted_storage/metadata.json
index 78c162fdfdd..91b22c4dd2a 100644
--- a/assets/queries/cloudFormation/aws/cmk_unencrypted_storage/metadata.json
+++ b/assets/queries/cloudFormation/aws/cmk_unencrypted_storage/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "ba38e42e",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "312"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/codebuild_not_encrypted/metadata.json b/assets/queries/cloudFormation/aws/codebuild_not_encrypted/metadata.json
index f6fa4f0ad07..15138ca3e75 100644
--- a/assets/queries/cloudFormation/aws/codebuild_not_encrypted/metadata.json
+++ b/assets/queries/cloudFormation/aws/codebuild_not_encrypted/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "3e1306b1",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cognito_userpool_without_mfa/metadata.json b/assets/queries/cloudFormation/aws/cognito_userpool_without_mfa/metadata.json
index 11228780181..51d2b61c46b 100644
--- a/assets/queries/cloudFormation/aws/cognito_userpool_without_mfa/metadata.json
+++ b/assets/queries/cloudFormation/aws/cognito_userpool_without_mfa/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "32d91e4e",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "710",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
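Review bot: In the cmk_rotation_disabled hunk, `"cwe": "284"` (Improper Access Control) does not describe a key that is never rotated; the weakness is key lifetime, not who may use the key. CWE-324 (Use of a Key Past its Expiration Date) covers that, so `"cwe": "324"` would be more precise. The sibling rotation check access_key_not_rotated_within_90_days is mapped to 522 in this patch, so it is worth agreeing on one id for rotation findings.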
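Review bot: In the cognito_userpool_without_mfa hunk, `"cwe": "710"` (Improper Adherence to Coding Standards) files a missing second factor as a coding-standards issue. CWE-308 (Use of Single-factor Authentication) names this weakness directly, so `"cwe": "308"` would keep the finding with authentication issues when results are filtered by CWE. Only the tail of the metadata object is in the hunk, so check the query description before changing it.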
diff --git a/assets/queries/cloudFormation/aws/config_configuration_aggregator_to_all_regions_disabled/metadata.json b/assets/queries/cloudFormation/aws/config_configuration_aggregator_to_all_regions_disabled/metadata.json
index 0ca2354f058..16f6a71f760 100644
--- a/assets/queries/cloudFormation/aws/config_configuration_aggregator_to_all_regions_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/config_configuration_aggregator_to_all_regions_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "fb6e5346",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "710",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/config_rule_for_encryption_volumes_disabled/metadata.json b/assets/queries/cloudFormation/aws/config_rule_for_encryption_volumes_disabled/metadata.json
index fa8f5290466..8d26b20f85d 100644
--- a/assets/queries/cloudFormation/aws/config_rule_for_encryption_volumes_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/config_rule_for_encryption_volumes_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "d0026f39",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/connection_between_cloudfront_origin_not_encrypted/metadata.json b/assets/queries/cloudFormation/aws/connection_between_cloudfront_origin_not_encrypted/metadata.json
index a4dbfb76575..26459cbf2cd 100644
--- a/assets/queries/cloudFormation/aws/connection_between_cloudfront_origin_not_encrypted/metadata.json
+++ b/assets/queries/cloudFormation/aws/connection_between_cloudfront_origin_not_encrypted/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "5e31354c",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "319",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/metadata.json b/assets/queries/cloudFormation/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/metadata.json
index 80ed538ab0c..95d0809ede6 100644
--- a/assets/queries/cloudFormation/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/metadata.json
+++ b/assets/queries/cloudFormation/aws/cross_account_iam_assume_role_policy_without_external_id_or_mfa/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "8fca679f",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/db_security_group_open_to_large_scope/metadata.json b/assets/queries/cloudFormation/aws/db_security_group_open_to_large_scope/metadata.json
index da782457c9a..7277e33f7b1 100644
--- a/assets/queries/cloudFormation/aws/db_security_group_open_to_large_scope/metadata.json
+++ b/assets/queries/cloudFormation/aws/db_security_group_open_to_large_scope/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "feeb965a",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/db_security_group_with_public_scope/metadata.json b/assets/queries/cloudFormation/aws/db_security_group_with_public_scope/metadata.json
index 1b97ffbc080..e1434a9147e 100644
--- a/assets/queries/cloudFormation/aws/db_security_group_with_public_scope/metadata.json
+++ b/assets/queries/cloudFormation/aws/db_security_group_with_public_scope/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "3ddca0cc",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "668",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/default_kms_key_usage/metadata.json b/assets/queries/cloudFormation/aws/default_kms_key_usage/metadata.json
index 0396226d3a3..bc718aac695 100644
--- a/assets/queries/cloudFormation/aws/default_kms_key_usage/metadata.json
+++ b/assets/queries/cloudFormation/aws/default_kms_key_usage/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "d479130b",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/default_security_groups_with_unrestricted_traffic/metadata.json b/assets/queries/cloudFormation/aws/default_security_groups_with_unrestricted_traffic/metadata.json
index dd3782dbd23..8fd4fa0973d 100644
--- a/assets/queries/cloudFormation/aws/default_security_groups_with_unrestricted_traffic/metadata.json
+++ b/assets/queries/cloudFormation/aws/default_security_groups_with_unrestricted_traffic/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "50b0269e",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/directory_service_microsoft_ad_password_set_to_plaintext_or_default_ref/metadata.json b/assets/queries/cloudFormation/aws/directory_service_microsoft_ad_password_set_to_plaintext_or_default_ref/metadata.json
index 87dcd7aabaa..35e14b9359e 100644
--- a/assets/queries/cloudFormation/aws/directory_service_microsoft_ad_password_set_to_plaintext_or_default_ref/metadata.json
+++ b/assets/queries/cloudFormation/aws/directory_service_microsoft_ad_password_set_to_plaintext_or_default_ref/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "98a72cac",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "256",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
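Review bot: In the default_security_groups_with_unrestricted_traffic hunk, `"cwe": "200"` (Exposure of Sensitive Information to an Unauthorized Actor) describes a data leak, while the check, going by its name, is about network reachability. The db_security_group_open_to_large_scope and db_security_group_with_public_scope hunks earlier in this patch use 668 for the same kind of exposure, so `"cwe": "668"` would be consistent. Confirm against the query description, which is outside the hunk.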
diff --git a/assets/queries/cloudFormation/aws/directory_service_simple_ad_password_exposed/metadata.json b/assets/queries/cloudFormation/aws/directory_service_simple_ad_password_exposed/metadata.json index a509fcd898b..4d50a3f5f86 100644 --- a/assets/queries/cloudFormation/aws/directory_service_simple_ad_password_exposed/metadata.json +++ b/assets/queries/cloudFormation/aws/directory_service_simple_ad_password_exposed/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "fc2c7fb8", "cloudProvider": "aws", - "cwe": "", + "cwe": "256", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/dms_endpoint_mongo_db_settings_password_exposed/metadata.json b/assets/queries/cloudFormation/aws/dms_endpoint_mongo_db_settings_password_exposed/metadata.json index bfa45b94bf5..0458c8305a3 100644 --- a/assets/queries/cloudFormation/aws/dms_endpoint_mongo_db_settings_password_exposed/metadata.json +++ b/assets/queries/cloudFormation/aws/dms_endpoint_mongo_db_settings_password_exposed/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "6f895308", "cloudProvider": "aws", - "cwe": "", + "cwe": "256", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/dms_endpoint_password_exposed/metadata.json b/assets/queries/cloudFormation/aws/dms_endpoint_password_exposed/metadata.json index 7a2c17b7b6e..9a5c3a864a7 100644 --- a/assets/queries/cloudFormation/aws/dms_endpoint_password_exposed/metadata.json +++ b/assets/queries/cloudFormation/aws/dms_endpoint_password_exposed/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "a48ba75f", "cloudProvider": "aws", - "cwe": "", + "cwe": "256", "oldSeverity": "MEDIUM" } \ No newline at end of file 
diff --git a/assets/queries/cloudFormation/aws/docdb_cluster_master_password_in_plaintext/metadata.json b/assets/queries/cloudFormation/aws/docdb_cluster_master_password_in_plaintext/metadata.json index 7282ea87adf..552f104d95b 100644 --- a/assets/queries/cloudFormation/aws/docdb_cluster_master_password_in_plaintext/metadata.json +++ b/assets/queries/cloudFormation/aws/docdb_cluster_master_password_in_plaintext/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "37fb585f", "cloudProvider": "aws", - "cwe": "", + "cwe": "256", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/docdb_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/docdb_logging_disabled/metadata.json index 82eedde0e76..122b357c75a 100644 --- a/assets/queries/cloudFormation/aws/docdb_logging_disabled/metadata.json +++ b/assets/queries/cloudFormation/aws/docdb_logging_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "4818ceaf", "cloudProvider": "aws", - "cwe": "", + "cwe": "778", "oldSeverity": "LOW" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/dynamodb_table_not_encrypted/metadata.json b/assets/queries/cloudFormation/aws/dynamodb_table_not_encrypted/metadata.json index ad4e6b28234..30062aafe3d 100644 --- a/assets/queries/cloudFormation/aws/dynamodb_table_not_encrypted/metadata.json +++ b/assets/queries/cloudFormation/aws/dynamodb_table_not_encrypted/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "92975bc8", "cloudProvider": "aws", - "cwe": "", + "cwe": "312", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/dynamodb_table_point_in_time_recovery_disabled/metadata.json b/assets/queries/cloudFormation/aws/dynamodb_table_point_in_time_recovery_disabled/metadata.json index 8182205d01c..64e16a60477 100644 
--- a/assets/queries/cloudFormation/aws/dynamodb_table_point_in_time_recovery_disabled/metadata.json +++ b/assets/queries/cloudFormation/aws/dynamodb_table_point_in_time_recovery_disabled/metadata.json @@ -7,5 +7,6 @@ "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-pointintimerecoveryspecification.html", "platform": "CloudFormation", "descriptionID": "a0a51171", - "cloudProvider": "aws" + "cloudProvider": "aws", + "cwe": "710" } diff --git a/assets/queries/cloudFormation/aws/dynamodb_with_aws_owned_cmk/metadata.json b/assets/queries/cloudFormation/aws/dynamodb_with_aws_owned_cmk/metadata.json index f738bff2f1d..035b07eb25d 100644 --- a/assets/queries/cloudFormation/aws/dynamodb_with_aws_owned_cmk/metadata.json +++ b/assets/queries/cloudFormation/aws/dynamodb_with_aws_owned_cmk/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "a71d0c61", "cloudProvider": "aws", - "cwe": "" + "cwe": "312" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/metadata.json b/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/metadata.json index 5baf41641c3..2d8f15bf408 100644 --- a/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/metadata.json +++ b/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/metadata.json @@ -1,6 +1,6 @@ { "id": "c333e906-8d8b-4275-b999-78b6318f8dc6", - "queryName": "DynamoDB With Not Recommented Table Billing Mode", + "queryName": "DynamoDB With Not Recommended Table Billing Mode", "severity": "LOW", "category": "Build Process", "descriptionText": "Checks if DynamoDB Table Billing Mode is set to either PAY_PER_REQUEST or PROVISIONED", 
diff --git a/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/test/positive_expected_result.json b/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/test/positive_expected_result.json index 58b3cf925a2..9d6b05aba69 100644 --- a/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/test/positive_expected_result.json +++ b/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/test/positive_expected_result.json @@ -1,12 +1,12 @@ [ { - "queryName": "DynamoDB With Not Recommented Table Billing Mode", + "queryName": "DynamoDB With Not Recommended Table Billing Mode", "severity": "LOW", "line": 13, "fileName": "positive1.yaml" }, { - "queryName": "DynamoDB With Not Recommented Table Billing Mode", + "queryName": "DynamoDB With Not Recommended Table Billing Mode", "severity": "LOW", "line": 16, "fileName": "positive2.json" diff --git a/assets/queries/cloudFormation/aws/ebs_volume_encryption_disabled/metadata.json b/assets/queries/cloudFormation/aws/ebs_volume_encryption_disabled/metadata.json index 0427a4a7149..294e976c8f2 100644 --- a/assets/queries/cloudFormation/aws/ebs_volume_encryption_disabled/metadata.json +++ b/assets/queries/cloudFormation/aws/ebs_volume_encryption_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "8a51c141", "cloudProvider": "aws", - "cwe": "", + "cwe": "311", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ebs_volume_not_attached_to_instances/metadata.json b/assets/queries/cloudFormation/aws/ebs_volume_not_attached_to_instances/metadata.json index 09fc6f97cf2..6ae3d19264b 100644 --- a/assets/queries/cloudFormation/aws/ebs_volume_not_attached_to_instances/metadata.json +++ b/assets/queries/cloudFormation/aws/ebs_volume_not_attached_to_instances/metadata.json 
@@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "33e2f7f6", "cloudProvider": "aws", - "cwe": "", + "cwe": "200", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ebs_volume_without_kms_key_id/metadata.json b/assets/queries/cloudFormation/aws/ebs_volume_without_kms_key_id/metadata.json index 85d3433a3b3..cc5a91cfdd7 100644 --- a/assets/queries/cloudFormation/aws/ebs_volume_without_kms_key_id/metadata.json +++ b/assets/queries/cloudFormation/aws/ebs_volume_without_kms_key_id/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "a10e872a", "cloudProvider": "aws", - "cwe": "", + "cwe": "710", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_instance_has_no_iam_role/metadata.json b/assets/queries/cloudFormation/aws/ec2_instance_has_no_iam_role/metadata.json index 7dcc969ac45..ba880ca0734 100644 --- a/assets/queries/cloudFormation/aws/ec2_instance_has_no_iam_role/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_instance_has_no_iam_role/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "bf34b145", "cloudProvider": "aws", - "cwe": "" + "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_instance_monitoring_disabled/metadata.json b/assets/queries/cloudFormation/aws/ec2_instance_monitoring_disabled/metadata.json index d4271d0ca3a..cabe2e13a5a 100644 --- a/assets/queries/cloudFormation/aws/ec2_instance_monitoring_disabled/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_instance_monitoring_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "81e4f520", "cloudProvider": "aws", - "cwe": "", + "cwe": "778", "oldSeverity": "INFO" } \ No newline at end of file 
diff --git a/assets/queries/cloudFormation/aws/ec2_instance_subnet_has_public_ip_mapping_on_launch/metadata.json b/assets/queries/cloudFormation/aws/ec2_instance_subnet_has_public_ip_mapping_on_launch/metadata.json index 065959c2ea9..713de6dc045 100644 --- a/assets/queries/cloudFormation/aws/ec2_instance_subnet_has_public_ip_mapping_on_launch/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_instance_subnet_has_public_ip_mapping_on_launch/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "22e3d598", "cloudProvider": "aws", - "cwe": "", + "cwe": "668", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_instance_using_default_security_group/metadata.json b/assets/queries/cloudFormation/aws/ec2_instance_using_default_security_group/metadata.json index 0dc14733b52..682d07d552c 100644 --- a/assets/queries/cloudFormation/aws/ec2_instance_using_default_security_group/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_instance_using_default_security_group/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "de993e1a", "cloudProvider": "aws", - "cwe": "", + "cwe": "284", "oldSeverity": "LOW" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_instance_using_default_vpc/metadata.json b/assets/queries/cloudFormation/aws/ec2_instance_using_default_vpc/metadata.json index 5f448b7f402..86ea2e76528 100644 --- a/assets/queries/cloudFormation/aws/ec2_instance_using_default_vpc/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_instance_using_default_vpc/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "8dd9abf5", "cloudProvider": "aws", - "cwe": "" + "cwe": "200" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_network_acl_duplicate_rule/metadata.json b/assets/queries/cloudFormation/aws/ec2_network_acl_duplicate_rule/metadata.json index 19448853403..c3587494f2c 100644 
--- a/assets/queries/cloudFormation/aws/ec2_network_acl_duplicate_rule/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_network_acl_duplicate_rule/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "27e96b39", "cloudProvider": "aws", - "cwe": "", + "cwe": "358", "oldSeverity": "LOW" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_network_acl_ineffective_denied_traffic/metadata.json b/assets/queries/cloudFormation/aws/ec2_network_acl_ineffective_denied_traffic/metadata.json index fd74626bf59..50ec3629cf7 100644 --- a/assets/queries/cloudFormation/aws/ec2_network_acl_ineffective_denied_traffic/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_network_acl_ineffective_denied_traffic/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "e8c34905", "cloudProvider": "aws", - "cwe": "" + "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_network_acl_overlapping_ports/metadata.json b/assets/queries/cloudFormation/aws/ec2_network_acl_overlapping_ports/metadata.json index 3937312232a..709a895806f 100644 --- a/assets/queries/cloudFormation/aws/ec2_network_acl_overlapping_ports/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_network_acl_overlapping_ports/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "cb7c8980", "cloudProvider": "aws", - "cwe": "", + "cwe": "385", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_not_ebs_optimized/metadata.json b/assets/queries/cloudFormation/aws/ec2_not_ebs_optimized/metadata.json index aad2a514e46..d6a7418b31f 100644 --- a/assets/queries/cloudFormation/aws/ec2_not_ebs_optimized/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_not_ebs_optimized/metadata.json 
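Review bot: The `"cwe": "385"` added for ec2_network_acl_overlapping_ports looks like a digit transposition: CWE-385 is Covert Timing Channel, which has nothing to do with network ACL rules whose port ranges overlap. The neighbouring ec2_network_acl_duplicate_rule hunk uses 358 (Improperly Implemented Security Check for Standard), so `"cwe": "358",` is probably what was meant; 284, as used for ec2_network_acl_ineffective_denied_traffic, would also be consistent. As written, anyone grouping or triaging findings by CWE would file this misconfiguration under a side-channel weakness.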
@@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "4d5e32ad", "cloudProvider": "aws", - "cwe": "" + "cwe": "710" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_permissive_network_acl_protocols/metadata.json b/assets/queries/cloudFormation/aws/ec2_permissive_network_acl_protocols/metadata.json index 930d1054f1e..a265d4c96bb 100644 --- a/assets/queries/cloudFormation/aws/ec2_permissive_network_acl_protocols/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_permissive_network_acl_protocols/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "397e89de", "cloudProvider": "aws", - "cwe": "" + "cwe": "668" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_public_instance_exposed_through_subnet/metadata.json b/assets/queries/cloudFormation/aws/ec2_public_instance_exposed_through_subnet/metadata.json index 806643561ce..71f0f6d21b0 100644 --- a/assets/queries/cloudFormation/aws/ec2_public_instance_exposed_through_subnet/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_public_instance_exposed_through_subnet/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "163e9a52", "cloudProvider": "aws", - "cwe": "", + "cwe": "668", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ec2_sensitive_port_is_publicly_exposed/metadata.json b/assets/queries/cloudFormation/aws/ec2_sensitive_port_is_publicly_exposed/metadata.json index 91e113e70f8..38e6827427f 100644 --- a/assets/queries/cloudFormation/aws/ec2_sensitive_port_is_publicly_exposed/metadata.json +++ b/assets/queries/cloudFormation/aws/ec2_sensitive_port_is_publicly_exposed/metadata.json @@ -9,5 +9,5 @@ "descriptionID": "680b7e89", "aggregation": 61, "cloudProvider": "aws", - "cwe": "" + "cwe": "668" } \ No newline at end of file 
diff --git a/assets/queries/cloudFormation/aws/ecr_image_tag_not_immutable/metadata.json b/assets/queries/cloudFormation/aws/ecr_image_tag_not_immutable/metadata.json index f39b24e6613..f509b39c162 100644 --- a/assets/queries/cloudFormation/aws/ecr_image_tag_not_immutable/metadata.json +++ b/assets/queries/cloudFormation/aws/ecr_image_tag_not_immutable/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "a4ed2a4f", "cloudProvider": "aws", - "cwe": "" + "cwe": "710" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecr_repository_is_publicly_accessible/metadata.json b/assets/queries/cloudFormation/aws/ecr_repository_is_publicly_accessible/metadata.json index e95603a430f..cbfb4837569 100644 --- a/assets/queries/cloudFormation/aws/ecr_repository_is_publicly_accessible/metadata.json +++ b/assets/queries/cloudFormation/aws/ecr_repository_is_publicly_accessible/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "a85a7099", "cloudProvider": "aws", - "cwe": "", + "cwe": "668", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecs_cluster_container_insights_disabled/metadata.json b/assets/queries/cloudFormation/aws/ecs_cluster_container_insights_disabled/metadata.json index a3467279032..09ee4bc40c2 100644 --- a/assets/queries/cloudFormation/aws/ecs_cluster_container_insights_disabled/metadata.json +++ b/assets/queries/cloudFormation/aws/ecs_cluster_container_insights_disabled/metadata.json @@ -7,5 +7,6 @@ "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-clustersettings", "platform": "CloudFormation", "descriptionID": "1751124e", - "cloudProvider": "aws" + "cloudProvider": "aws", + "cwe": "778" } 
diff --git a/assets/queries/cloudFormation/aws/ecs_cluster_not_encrypted_at_rest/metadata.json b/assets/queries/cloudFormation/aws/ecs_cluster_not_encrypted_at_rest/metadata.json index ce39d26abcc..54a1b3e0dcb 100644 --- a/assets/queries/cloudFormation/aws/ecs_cluster_not_encrypted_at_rest/metadata.json +++ b/assets/queries/cloudFormation/aws/ecs_cluster_not_encrypted_at_rest/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "512ea20d", "cloudProvider": "aws", - "cwe": "" + "cwe": "311" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecs_no_load_balancer_attached/metadata.json b/assets/queries/cloudFormation/aws/ecs_no_load_balancer_attached/metadata.json index f03e7721150..cbc65ed0c99 100644 --- a/assets/queries/cloudFormation/aws/ecs_no_load_balancer_attached/metadata.json +++ b/assets/queries/cloudFormation/aws/ecs_no_load_balancer_attached/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "2f3ec772", "cloudProvider": "aws", - "cwe": "" + "cwe": "400" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecs_service_admin_role_is_present/metadata.json b/assets/queries/cloudFormation/aws/ecs_service_admin_role_is_present/metadata.json index e98cdf0dfb6..c264bef6b2a 100644 --- a/assets/queries/cloudFormation/aws/ecs_service_admin_role_is_present/metadata.json +++ b/assets/queries/cloudFormation/aws/ecs_service_admin_role_is_present/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "756701f8", "cloudProvider": "aws", - "cwe": "" + "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecs_service_without_running_tasks/metadata.json b/assets/queries/cloudFormation/aws/ecs_service_without_running_tasks/metadata.json index 84316a17ad8..050dfdff1bf 100644 --- a/assets/queries/cloudFormation/aws/ecs_service_without_running_tasks/metadata.json 
+++ b/assets/queries/cloudFormation/aws/ecs_service_without_running_tasks/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "cd242bdd", "cloudProvider": "aws", - "cwe": "", + "cwe": "665", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/metadata.json b/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/metadata.json index 5b24a9c32a4..b3f87a16567 100644 --- a/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/metadata.json +++ b/assets/queries/cloudFormation/aws/ecs_task_definition_healthcheck_missing/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "e2e3a50a", "cloudProvider": "aws", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/metadata.json b/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/metadata.json index f1f5b8331af..6004f64a107 100644 --- a/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/metadata.json +++ b/assets/queries/cloudFormation/aws/ecs_task_definition_invalid_cpu_or_memory/metadata.json @@ -3,10 +3,10 @@ "queryName": "ECS Task Definition Invalid CPU or Memory", "severity": "LOW", "category": "Resource Management", - "descriptionText": "In ECS Task Definition of FARGATE launch type if you specify an invalid CPU or Memory value, you will receive an error", + "descriptionText": "In an ECS Task Definition with the FARGATE launch type, specifying an invalid CPU or Memory value will result in an error.", "descriptionUrl": "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html", "platform": "CloudFormation", "descriptionID": "8fa43a9a", "cloudProvider": "aws", - "cwe": "" + "cwe": "697" } \ No newline at end of file 
diff --git a/assets/queries/cloudFormation/aws/ecs_task_definition_network_mode_not_recommended/metadata.json b/assets/queries/cloudFormation/aws/ecs_task_definition_network_mode_not_recommended/metadata.json index 05975a5fd64..90971e826bb 100644 --- a/assets/queries/cloudFormation/aws/ecs_task_definition_network_mode_not_recommended/metadata.json +++ b/assets/queries/cloudFormation/aws/ecs_task_definition_network_mode_not_recommended/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "bded2e99", "cloudProvider": "aws", - "cwe": "", + "cwe": "665", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/efs_not_encrypted/metadata.json b/assets/queries/cloudFormation/aws/efs_not_encrypted/metadata.json index e8c1bf2ed49..59e893358f2 100644 --- a/assets/queries/cloudFormation/aws/efs_not_encrypted/metadata.json +++ b/assets/queries/cloudFormation/aws/efs_not_encrypted/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "e168cb44", "cloudProvider": "aws", - "cwe": "" + "cwe": "311" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/efs_volume_with_disabled_transit_encryption/metadata.json b/assets/queries/cloudFormation/aws/efs_volume_with_disabled_transit_encryption/metadata.json index ad13c146901..fca660b7152 100644 --- a/assets/queries/cloudFormation/aws/efs_volume_with_disabled_transit_encryption/metadata.json +++ b/assets/queries/cloudFormation/aws/efs_volume_with_disabled_transit_encryption/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "99f92ea6", "cloudProvider": "aws", - "cwe": "", + "cwe": "312", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/efs_without_kms/metadata.json b/assets/queries/cloudFormation/aws/efs_without_kms/metadata.json index 36394e1706a..6fbb277a9e2 100644 --- a/assets/queries/cloudFormation/aws/efs_without_kms/metadata.json 
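Review bot: efs_volume_with_disabled_transit_encryption gets `"cwe": "312"`, but CWE-312 is Cleartext Storage of Sensitive Information while the query is about encryption in transit; `"cwe": "319",` (Cleartext Transmission of Sensitive Information) matches the finding. The same 312 is given to elasticache_with_disabled_transit_encryption further down, and the reverse happens in elasticsearch_not_encrypted_at_rest, which is tagged 319 although it is an at-rest check where 311 or 312 would fit. Judging by the query names, the transit and at-rest ids appear to be swapped in these three files.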
+++ b/assets/queries/cloudFormation/aws/efs_without_kms/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "f5a9536a", "cloudProvider": "aws", - "cwe": "", + "cwe": "311", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/efs_without_tags/metadata.json b/assets/queries/cloudFormation/aws/efs_without_tags/metadata.json index 1ce98430f3f..7812041639d 100644 --- a/assets/queries/cloudFormation/aws/efs_without_tags/metadata.json +++ b/assets/queries/cloudFormation/aws/efs_without_tags/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "a7eb7aff", "cloudProvider": "aws", - "cwe": "" + "cwe": "311" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/eks_node_group_remote_access/metadata.json b/assets/queries/cloudFormation/aws/eks_node_group_remote_access/metadata.json index 05e67b4c041..2d486bde6c5 100644 --- a/assets/queries/cloudFormation/aws/eks_node_group_remote_access/metadata.json +++ b/assets/queries/cloudFormation/aws/eks_node_group_remote_access/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "b3ebf24c", "cloudProvider": "aws", - "cwe": "", + "cwe": "668", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json b/assets/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json index cc88cc1bab2..237019237e1 100644 --- a/assets/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json +++ b/assets/queries/cloudFormation/aws/elasticache_nodes_not_created_across_multi_az/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "35f94973", "cloudProvider": "aws", - "cwe": "" + "cwe": "284" } \ No newline at end of file 
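Review bot: `"cwe": "311"` on efs_without_tags reads like a carry-over from the efs_without_kms hunk just above it: CWE-311 is Missing Encryption of Sensitive Data, and a missing-tags check says nothing about encryption. Elsewhere in this patch hygiene findings such as ec2_not_ebs_optimized use 710 (Improper Adherence to Coding Standards), so `"cwe": "710"` would keep the mapping consistent. The query logic is not visible here, so this is based on the query name.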
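Review bot: elasticache_nodes_not_created_across_multi_az is mapped to `"cwe": "284"` (Improper Access Control), yet spreading nodes across availability zones is a resilience concern and involves no access decision. Reports that group findings by CWE would then count an availability gap as an access-control weakness. `"cwe": "710"` would match the other best-practice queries in this patch, or `"cwe": "400"` if it should sit with ecs_no_load_balancer_attached, which the patch treats as an availability finding.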
diff --git a/assets/queries/cloudFormation/aws/elasticache_using_default_port/metadata.json b/assets/queries/cloudFormation/aws/elasticache_using_default_port/metadata.json index 263c3adbe7c..eb7d727466c 100644 --- a/assets/queries/cloudFormation/aws/elasticache_using_default_port/metadata.json +++ b/assets/queries/cloudFormation/aws/elasticache_using_default_port/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "5aef27fd", "cloudProvider": "aws", - "cwe": "" + "cwe": "668" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticache_with_disabled_at_rest_encryption/metadata.json b/assets/queries/cloudFormation/aws/elasticache_with_disabled_at_rest_encryption/metadata.json index 73be69b3f1a..8133ab7d32d 100644 --- a/assets/queries/cloudFormation/aws/elasticache_with_disabled_at_rest_encryption/metadata.json +++ b/assets/queries/cloudFormation/aws/elasticache_with_disabled_at_rest_encryption/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "86353328", "cloudProvider": "aws", - "cwe": "" + "cwe": "312" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticache_with_disabled_transit_encryption/metadata.json b/assets/queries/cloudFormation/aws/elasticache_with_disabled_transit_encryption/metadata.json index c60e1177ed9..1e6421818c4 100644 --- a/assets/queries/cloudFormation/aws/elasticache_with_disabled_transit_encryption/metadata.json +++ b/assets/queries/cloudFormation/aws/elasticache_with_disabled_transit_encryption/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "b1ce0b9f", "cloudProvider": "aws", - "cwe": "", + "cwe": "312", "oldSeverity": "HIGH" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticache_without_vpc/metadata.json b/assets/queries/cloudFormation/aws/elasticache_without_vpc/metadata.json index 42fb06c191e..dba09d166f1 100644 
--- a/assets/queries/cloudFormation/aws/elasticache_without_vpc/metadata.json +++ b/assets/queries/cloudFormation/aws/elasticache_without_vpc/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "68db93b8", "cloudProvider": "aws", - "cwe": "" + "cwe": "284" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticsearch_domain_encryption_with_kms_disabled/metadata.json b/assets/queries/cloudFormation/aws/elasticsearch_domain_encryption_with_kms_disabled/metadata.json index f0ca38341c2..e424c569918 100644 --- a/assets/queries/cloudFormation/aws/elasticsearch_domain_encryption_with_kms_disabled/metadata.json +++ b/assets/queries/cloudFormation/aws/elasticsearch_domain_encryption_with_kms_disabled/metadata.json @@ -8,6 +8,6 @@ "platform": "CloudFormation", "descriptionID": "6700680a", "cloudProvider": "aws", - "cwe": "", + "cwe": "326", "oldSeverity": "MEDIUM" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticsearch_logs_disabled/metadata.json b/assets/queries/cloudFormation/aws/elasticsearch_logs_disabled/metadata.json index 3393e51188a..16a41f761aa 100644 --- a/assets/queries/cloudFormation/aws/elasticsearch_logs_disabled/metadata.json +++ b/assets/queries/cloudFormation/aws/elasticsearch_logs_disabled/metadata.json @@ -8,5 +8,5 @@ "platform": "CloudFormation", "descriptionID": "e2451952", "cloudProvider": "aws", - "cwe": "" + "cwe": "778" } \ No newline at end of file diff --git a/assets/queries/cloudFormation/aws/elasticsearch_not_encrypted_at_rest/metadata.json b/assets/queries/cloudFormation/aws/elasticsearch_not_encrypted_at_rest/metadata.json index daf753420ec..bc7296feed7 100644 --- a/assets/queries/cloudFormation/aws/elasticsearch_not_encrypted_at_rest/metadata.json +++ b/assets/queries/cloudFormation/aws/elasticsearch_not_encrypted_at_rest/metadata.json 
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "645512cb",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "319",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elasticsearch_with_https_disabled/metadata.json b/assets/queries/cloudFormation/aws/elasticsearch_with_https_disabled/metadata.json
index f0a351c88be..5867b2f530d 100644
--- a/assets/queries/cloudFormation/aws/elasticsearch_with_https_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/elasticsearch_with_https_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "8575a1d7",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elasticsearch_without_iam_authentication/metadata.json b/assets/queries/cloudFormation/aws/elasticsearch_without_iam_authentication/metadata.json
index 3f96766d346..256812abb74 100644
--- a/assets/queries/cloudFormation/aws/elasticsearch_without_iam_authentication/metadata.json
+++ b/assets/queries/cloudFormation/aws/elasticsearch_without_iam_authentication/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "af727c29",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "285"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elasticsearch_without_slow_logs/metadata.json b/assets/queries/cloudFormation/aws/elasticsearch_without_slow_logs/metadata.json
index 25c6c1b83d9..aca10542aa8 100644
--- a/assets/queries/cloudFormation/aws/elasticsearch_without_slow_logs/metadata.json
+++ b/assets/queries/cloudFormation/aws/elasticsearch_without_slow_logs/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "72d32380",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elb_access_log_disabled/metadata.json b/assets/queries/cloudFormation/aws/elb_access_log_disabled/metadata.json
index 0ae77985030..d3823454464 100644
--- a/assets/queries/cloudFormation/aws/elb_access_log_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/elb_access_log_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "8f49cae7",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elb_sensitive_port_is_exposed_to_entire_network/metadata.json b/assets/queries/cloudFormation/aws/elb_sensitive_port_is_exposed_to_entire_network/metadata.json
index d4221ea7aed..35ee4b3803f 100644
--- a/assets/queries/cloudFormation/aws/elb_sensitive_port_is_exposed_to_entire_network/metadata.json
+++ b/assets/queries/cloudFormation/aws/elb_sensitive_port_is_exposed_to_entire_network/metadata.json
@@ -9,5 +9,5 @@
 "descriptionID": "f26797b1",
 "aggregation": 183,
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elb_using_insecure_protocols/metadata.json b/assets/queries/cloudFormation/aws/elb_using_insecure_protocols/metadata.json
index b9a251a0ab5..e169d8b4a1f 100644
--- a/assets/queries/cloudFormation/aws/elb_using_insecure_protocols/metadata.json
+++ b/assets/queries/cloudFormation/aws/elb_using_insecure_protocols/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "cd6bbd85",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elb_using_weak_ciphers/metadata.json b/assets/queries/cloudFormation/aws/elb_using_weak_ciphers/metadata.json
index 013d00f6224..bdc8279b672 100644
--- a/assets/queries/cloudFormation/aws/elb_using_weak_ciphers/metadata.json
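Review bot: `elb_using_insecure_protocols` is tagged `"cwe": "284",` (Improper Access Control), although the query name points at a transport-protocol weakness rather than an authorization gap. The neighbouring `elb_using_weak_ciphers` section uses `"cwe": "326"`, and `"cwe": "326",` here (or 327, Use of a Broken or Risky Cryptographic Algorithm) would keep the ELB TLS findings grouped under one family. This is inferred from the query name only; the rule itself is not part of the hunk.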
+++ b/assets/queries/cloudFormation/aws/elb_using_weak_ciphers/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "94a91040",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "326"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elb_v2_alb_access_log_disabled/metadata.json b/assets/queries/cloudFormation/aws/elb_v2_alb_access_log_disabled/metadata.json
index 8515fa6818a..1d26e9a6809 100644
--- a/assets/queries/cloudFormation/aws/elb_v2_alb_access_log_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/elb_v2_alb_access_log_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "1b941e35",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elb_with_security_group_without_inbound_rules/metadata.json b/assets/queries/cloudFormation/aws/elb_with_security_group_without_inbound_rules/metadata.json
index eb33ab1a124..9c03ebe62e5 100644
--- a/assets/queries/cloudFormation/aws/elb_with_security_group_without_inbound_rules/metadata.json
+++ b/assets/queries/cloudFormation/aws/elb_with_security_group_without_inbound_rules/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "3ccdd7d2",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elb_with_security_group_without_outbound_rules/metadata.json b/assets/queries/cloudFormation/aws/elb_with_security_group_without_outbound_rules/metadata.json
index 42cf9aa2e8f..61e97d3f36c 100644
--- a/assets/queries/cloudFormation/aws/elb_with_security_group_without_outbound_rules/metadata.json
+++ b/assets/queries/cloudFormation/aws/elb_with_security_group_without_outbound_rules/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "7b876844",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/elb_without_secure_protocol/metadata.json b/assets/queries/cloudFormation/aws/elb_without_secure_protocol/metadata.json
index 605501186e9..10c440cf32a 100644
--- a/assets/queries/cloudFormation/aws/elb_without_secure_protocol/metadata.json
+++ b/assets/queries/cloudFormation/aws/elb_without_secure_protocol/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "0cbd1ac7",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "319",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/empty_roles_for_ecs_cluster_task_definitions/metadata.json b/assets/queries/cloudFormation/aws/empty_roles_for_ecs_cluster_task_definitions/metadata.json
index 35f8f2e5e30..73a0f481da3 100644
--- a/assets/queries/cloudFormation/aws/empty_roles_for_ecs_cluster_task_definitions/metadata.json
+++ b/assets/queries/cloudFormation/aws/empty_roles_for_ecs_cluster_task_definitions/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "b47b42b2",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/emr_cluster_without_security_configuration/metadata.json b/assets/queries/cloudFormation/aws/emr_cluster_without_security_configuration/metadata.json
index e9ee2b6652a..6e30ab5a420 100644
--- a/assets/queries/cloudFormation/aws/emr_cluster_without_security_configuration/metadata.json
+++ b/assets/queries/cloudFormation/aws/emr_cluster_without_security_configuration/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "17e140e2",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/emr_security_configuration_encryptions_enabled/metadata.json b/assets/queries/cloudFormation/aws/emr_security_configuration_encryptions_enabled/metadata.json
index 823c1488796..5d7d12e33bb 100644
--- a/assets/queries/cloudFormation/aws/emr_security_configuration_encryptions_enabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/emr_security_configuration_encryptions_enabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "672bc6a7",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "319"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/emr_wihout_vpc/metadata.json b/assets/queries/cloudFormation/aws/emr_wihout_vpc/metadata.json
index 69c7f3f4c19..bda32c493a0 100644
--- a/assets/queries/cloudFormation/aws/emr_wihout_vpc/metadata.json
+++ b/assets/queries/cloudFormation/aws/emr_wihout_vpc/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "26800d21",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/fully_open_ingress/metadata.json b/assets/queries/cloudFormation/aws/fully_open_ingress/metadata.json
index 55a36422ef3..b296f750115 100644
--- a/assets/queries/cloudFormation/aws/fully_open_ingress/metadata.json
+++ b/assets/queries/cloudFormation/aws/fully_open_ingress/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "747f49ac",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/gamelift_fleet_ec2_inbound_permissions_with_port_range/metadata.json b/assets/queries/cloudFormation/aws/gamelift_fleet_ec2_inbound_permissions_with_port_range/metadata.json
index 4cc4046a1f3..337e6e05bf8 100644
--- a/assets/queries/cloudFormation/aws/gamelift_fleet_ec2_inbound_permissions_with_port_range/metadata.json
+++ b/assets/queries/cloudFormation/aws/gamelift_fleet_ec2_inbound_permissions_with_port_range/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "2f59d790",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/geo_restriction_disabled/metadata.json b/assets/queries/cloudFormation/aws/geo_restriction_disabled/metadata.json
index dacade84c72..a612c2dfb67 100644
--- a/assets/queries/cloudFormation/aws/geo_restriction_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/geo_restriction_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "18f149b3",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/github_repository_set_to_public/metadata.json b/assets/queries/cloudFormation/aws/github_repository_set_to_public/metadata.json
index a94d1cd54f6..c332ebae5fc 100644
--- a/assets/queries/cloudFormation/aws/github_repository_set_to_public/metadata.json
+++ b/assets/queries/cloudFormation/aws/github_repository_set_to_public/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "76e2bdab",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/guardduty_detector_disabled/metadata.json b/assets/queries/cloudFormation/aws/guardduty_detector_disabled/metadata.json
index 0bbb1156fff..48b233f98fe 100644
--- a/assets/queries/cloudFormation/aws/guardduty_detector_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/guardduty_detector_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "cae19394",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/hardcoded_aws_access_key_in_lambda/metadata.json b/assets/queries/cloudFormation/aws/hardcoded_aws_access_key_in_lambda/metadata.json
index a231ca08f23..9f8441669d5 100644
--- a/assets/queries/cloudFormation/aws/hardcoded_aws_access_key_in_lambda/metadata.json
+++ b/assets/queries/cloudFormation/aws/hardcoded_aws_access_key_in_lambda/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "ff065e3b",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "798",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/http_port_open/metadata.json b/assets/queries/cloudFormation/aws/http_port_open/metadata.json
index 2dc258ead18..98fb522f2e3 100644
--- a/assets/queries/cloudFormation/aws/http_port_open/metadata.json
+++ b/assets/queries/cloudFormation/aws/http_port_open/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "a39efd21",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "668",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json b/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json
index 14567ede9ab..5a6489730a9 100644
--- a/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "24a6978e",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_database_auth_not_enabled/metadata.json b/assets/queries/cloudFormation/aws/iam_database_auth_not_enabled/metadata.json
index 69f0d8e56b5..8736f418485 100644
--- a/assets/queries/cloudFormation/aws/iam_database_auth_not_enabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_database_auth_not_enabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "e4c2c085",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_group_without_users/metadata.json b/assets/queries/cloudFormation/aws/iam_group_without_users/metadata.json
index 6bbf991edd0..4e7bfba6d8c 100644
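Review bot: `iam_database_auth_not_enabled` gets `"cwe": "311",` (Missing Encryption of Sensitive Data), but the query name describes an authentication setting, not encryption. The same patch maps the equivalent checks `elasticsearch_without_iam_authentication` and `neptune_cluster_with_iam_database_authentication_disabled` to 285, so `"cwe": "285",` would be consistent; CWE-287 (Improper Authentication) is another candidate if the authentication family is preferred. This reading rests on the query name, since the rule text is outside the patch.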
--- a/assets/queries/cloudFormation/aws/iam_group_without_users/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_group_without_users/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "c23dca47",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_groups_inline_policies/metadata.json b/assets/queries/cloudFormation/aws/iam_groups_inline_policies/metadata.json
index cb2b5f85810..61c8671ec1e 100644
--- a/assets/queries/cloudFormation/aws/iam_groups_inline_policies/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_groups_inline_policies/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "e89236a1",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "286"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_managed_policy_applied_to_a_user/metadata.json b/assets/queries/cloudFormation/aws/iam_managed_policy_applied_to_a_user/metadata.json
index fa667f682e7..bcbb0ea44bb 100644
--- a/assets/queries/cloudFormation/aws/iam_managed_policy_applied_to_a_user/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_managed_policy_applied_to_a_user/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "e7fa1d68",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "710"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_password_without_minimum_length/metadata.json b/assets/queries/cloudFormation/aws/iam_password_without_minimum_length/metadata.json
index 705ac110623..5bb8e20acf4 100644
--- a/assets/queries/cloudFormation/aws/iam_password_without_minimum_length/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_password_without_minimum_length/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "46859482",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "710",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
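Review bot: `iam_password_without_minimum_length` is mapped to `"cwe": "710",` (Improper Adherence to Coding Standards), a catch-all that hides a password-policy finding; CWE-521 (Weak Password Requirements) names the weakness directly, i.e. `"cwe": "521",`. The preceding section also puts `iam_managed_policy_applied_to_a_user` under 710, while the closely related `iam_policies_attached_to_user` and `iam_policy_on_user` sections in this patch use 284. Using one id for those three would keep user-attached-policy results together when filtering by CWE.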
diff --git a/assets/queries/cloudFormation/aws/iam_policies_attached_to_user/metadata.json b/assets/queries/cloudFormation/aws/iam_policies_attached_to_user/metadata.json
index e43a6ce2f92..79f3259d0be 100644
--- a/assets/queries/cloudFormation/aws/iam_policies_attached_to_user/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_policies_attached_to_user/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "c1857bae",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_policies_with_full_privileges/metadata.json b/assets/queries/cloudFormation/aws/iam_policies_with_full_privileges/metadata.json
index 0bcd43ffe9c..d0d19d83bac 100644
--- a/assets/queries/cloudFormation/aws/iam_policies_with_full_privileges/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_policies_with_full_privileges/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "faa72156",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_policies_without_groups/metadata.json b/assets/queries/cloudFormation/aws/iam_policies_without_groups/metadata.json
index b9ec6913b3b..33ba4f724b2 100644
--- a/assets/queries/cloudFormation/aws/iam_policies_without_groups/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_policies_without_groups/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "d9bcf74d",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "710"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_policy_grants_assumerole_permission_across_all_services/metadata.json b/assets/queries/cloudFormation/aws/iam_policy_grants_assumerole_permission_across_all_services/metadata.json
index 6ed6c281ea2..4cbd1441cf0 100644
--- a/assets/queries/cloudFormation/aws/iam_policy_grants_assumerole_permission_across_all_services/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_policy_grants_assumerole_permission_across_all_services/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "eba1aa1b",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_policy_grants_full_permissions/metadata.json b/assets/queries/cloudFormation/aws/iam_policy_grants_full_permissions/metadata.json
index fd08923a7e5..280f0ded9f4 100644
--- a/assets/queries/cloudFormation/aws/iam_policy_grants_full_permissions/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_policy_grants_full_permissions/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "d4158e76",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_policy_on_user/metadata.json b/assets/queries/cloudFormation/aws/iam_policy_on_user/metadata.json
index 840ab00a807..ca371e87dbb 100644
--- a/assets/queries/cloudFormation/aws/iam_policy_on_user/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_policy_on_user/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "50f7785d",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_role_allows_all_principals_to_assume/metadata.json b/assets/queries/cloudFormation/aws/iam_role_allows_all_principals_to_assume/metadata.json
index b3439bc20e3..ab3153ef2e1 100644
--- a/assets/queries/cloudFormation/aws/iam_role_allows_all_principals_to_assume/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_role_allows_all_principals_to_assume/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "13e52bb7",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_user_login_profile_password_is_in_plaintext/metadata.json b/assets/queries/cloudFormation/aws/iam_user_login_profile_password_is_in_plaintext/metadata.json
index 5d8887fe523..beff7086235 100644
--- a/assets/queries/cloudFormation/aws/iam_user_login_profile_password_is_in_plaintext/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_user_login_profile_password_is_in_plaintext/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "0dc817e6",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "256",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_user_too_many_access_keys/metadata.json b/assets/queries/cloudFormation/aws/iam_user_too_many_access_keys/metadata.json
index cfb13ccc3cb..4619d1b5bb8 100644
--- a/assets/queries/cloudFormation/aws/iam_user_too_many_access_keys/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_user_too_many_access_keys/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "90135931",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iam_user_with_no_group/metadata.json b/assets/queries/cloudFormation/aws/iam_user_with_no_group/metadata.json
index 69bd98db189..d19539c070e 100644
--- a/assets/queries/cloudFormation/aws/iam_user_with_no_group/metadata.json
+++ b/assets/queries/cloudFormation/aws/iam_user_with_no_group/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "d7e9b179",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/inline_policies_are_attached_to_ecs_service/metadata.json b/assets/queries/cloudFormation/aws/inline_policies_are_attached_to_ecs_service/metadata.json
index efeae12526d..ccdf49e560f 100644
--- a/assets/queries/cloudFormation/aws/inline_policies_are_attached_to_ecs_service/metadata.json
+++ b/assets/queries/cloudFormation/aws/inline_policies_are_attached_to_ecs_service/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "4706b78f",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "286",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/instance_with_no_vpc/metadata.json b/assets/queries/cloudFormation/aws/instance_with_no_vpc/metadata.json
index d6482c0957d..eb780e4de48 100644
--- a/assets/queries/cloudFormation/aws/instance_with_no_vpc/metadata.json
+++ b/assets/queries/cloudFormation/aws/instance_with_no_vpc/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "c2bb3a56",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iot_policy_allows_action_as_wildcard/metadata.json b/assets/queries/cloudFormation/aws/iot_policy_allows_action_as_wildcard/metadata.json
index 571ba84e706..5f07bbbd0a3 100644
--- a/assets/queries/cloudFormation/aws/iot_policy_allows_action_as_wildcard/metadata.json
+++ b/assets/queries/cloudFormation/aws/iot_policy_allows_action_as_wildcard/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "e4417496",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/iot_policy_allows_wildcard_resource/metadata.json b/assets/queries/cloudFormation/aws/iot_policy_allows_wildcard_resource/metadata.json
index db41eff55d6..60d3f263570 100644
--- a/assets/queries/cloudFormation/aws/iot_policy_allows_wildcard_resource/metadata.json
+++ b/assets/queries/cloudFormation/aws/iot_policy_allows_wildcard_resource/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "d5e52bc7",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/kinesis_sse_not_configured/metadata.json b/assets/queries/cloudFormation/aws/kinesis_sse_not_configured/metadata.json
index 4e7c43dd8d0..d25ee283ba3 100644
--- a/assets/queries/cloudFormation/aws/kinesis_sse_not_configured/metadata.json
+++ b/assets/queries/cloudFormation/aws/kinesis_sse_not_configured/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "a8238dc8",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/kms_allows_wildcard_principal/metadata.json b/assets/queries/cloudFormation/aws/kms_allows_wildcard_principal/metadata.json
index e5266e615ff..c226215b8d4 100644
--- a/assets/queries/cloudFormation/aws/kms_allows_wildcard_principal/metadata.json
+++ b/assets/queries/cloudFormation/aws/kms_allows_wildcard_principal/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "0b89626d",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/kms_enable_key_rotation_disabled/metadata.json b/assets/queries/cloudFormation/aws/kms_enable_key_rotation_disabled/metadata.json
index 5e8c0040b61..931ffe02b31 100644
--- a/assets/queries/cloudFormation/aws/kms_enable_key_rotation_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/kms_enable_key_rotation_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "323313bc",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/kms_key_with_full_permissions/metadata.json b/assets/queries/cloudFormation/aws/kms_key_with_full_permissions/metadata.json
index 82ca750f424..1a30551b56a 100644
--- a/assets/queries/cloudFormation/aws/kms_key_with_full_permissions/metadata.json
+++ b/assets/queries/cloudFormation/aws/kms_key_with_full_permissions/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "1f88b704",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "326"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/lambda_function_without_dead_letter_queue/metadata.json b/assets/queries/cloudFormation/aws/lambda_function_without_dead_letter_queue/metadata.json
index a4a7d9904be..99d242e91d7 100644
--- a/assets/queries/cloudFormation/aws/lambda_function_without_dead_letter_queue/metadata.json
+++ b/assets/queries/cloudFormation/aws/lambda_function_without_dead_letter_queue/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "d5d9d047",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "390"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/lambda_function_without_tags/metadata.json b/assets/queries/cloudFormation/aws/lambda_function_without_tags/metadata.json
index b4f20edec35..c17d13e8dda 100644
--- a/assets/queries/cloudFormation/aws/lambda_function_without_tags/metadata.json
+++ b/assets/queries/cloudFormation/aws/lambda_function_without_tags/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "664675e7",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "665",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/lambda_functions_with_full_privileges/metadata.json b/assets/queries/cloudFormation/aws/lambda_functions_with_full_privileges/metadata.json
index 3ef4826feea..947876b8144 100644
--- a/assets/queries/cloudFormation/aws/lambda_functions_with_full_privileges/metadata.json
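Review bot: `kms_key_with_full_permissions` is given `"cwe": "326"` (Inadequate Encryption Strength), but an over-broad key policy is a permission problem rather than a key-strength one. The `kms_allows_wildcard_principal` section in this patch uses 284, so `"cwe": "284"` here would be consistent; CWE-732 (Incorrect Permission Assignment for Critical Resource) is a more specific alternative. The finding is inferred from the query name, as the rule body is not in the patch.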
+++ b/assets/queries/cloudFormation/aws/lambda_functions_with_full_privileges/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "48d30c57",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/lambda_functions_without_unique_iam_roles/metadata.json b/assets/queries/cloudFormation/aws/lambda_functions_without_unique_iam_roles/metadata.json
index 4f6612243d7..0287254fabc 100644
--- a/assets/queries/cloudFormation/aws/lambda_functions_without_unique_iam_roles/metadata.json
+++ b/assets/queries/cloudFormation/aws/lambda_functions_without_unique_iam_roles/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "f919ad7e",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/lambda_functions_without_x-ray_tracing/metadata.json b/assets/queries/cloudFormation/aws/lambda_functions_without_x-ray_tracing/metadata.json
index bdf156e6f56..5bec97f7f6c 100644
--- a/assets/queries/cloudFormation/aws/lambda_functions_without_x-ray_tracing/metadata.json
+++ b/assets/queries/cloudFormation/aws/lambda_functions_without_x-ray_tracing/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "26afaa67",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/lambda_permission_misconfigured/metadata.json b/assets/queries/cloudFormation/aws/lambda_permission_misconfigured/metadata.json
index e6c294f5ada..b6bf4404ac4 100644
--- a/assets/queries/cloudFormation/aws/lambda_permission_misconfigured/metadata.json
+++ b/assets/queries/cloudFormation/aws/lambda_permission_misconfigured/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "dec6dd24",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "710"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/lambda_permission_principal_is_wildcard/metadata.json b/assets/queries/cloudFormation/aws/lambda_permission_principal_is_wildcard/metadata.json
index 7ddc9f7dba3..7de4ae5bf3e 100644
--- a/assets/queries/cloudFormation/aws/lambda_permission_principal_is_wildcard/metadata.json
+++ b/assets/queries/cloudFormation/aws/lambda_permission_principal_is_wildcard/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "cfa9120c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "155"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/low_rds_backup_retention_period/metadata.json b/assets/queries/cloudFormation/aws/low_rds_backup_retention_period/metadata.json
index 2ef0a50901f..9a1f86a86be 100644
--- a/assets/queries/cloudFormation/aws/low_rds_backup_retention_period/metadata.json
+++ b/assets/queries/cloudFormation/aws/low_rds_backup_retention_period/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "55094eb2",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/mq_broker_is_publicly_accessible/metadata.json b/assets/queries/cloudFormation/aws/mq_broker_is_publicly_accessible/metadata.json
index ee81a9a2b9d..ca91e4a5161 100644
--- a/assets/queries/cloudFormation/aws/mq_broker_is_publicly_accessible/metadata.json
+++ b/assets/queries/cloudFormation/aws/mq_broker_is_publicly_accessible/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "59b368a9",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "668",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/mq_broker_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/mq_broker_logging_disabled/metadata.json
index dd4e6d5f097..3a66da681cb 100644
--- a/assets/queries/cloudFormation/aws/mq_broker_logging_disabled/metadata.json
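Review bot: `lambda_permission_principal_is_wildcard` is tagged `"cwe": "155"`, which is Improper Neutralization of Wildcards or Matching Symbols: an input-handling weakness in code that interprets wildcards, not a policy that grants access to any principal. The other wildcard-policy queries in this patch (`kms_allows_wildcard_principal`, `iot_policy_allows_action_as_wildcard`, `iot_policy_allows_wildcard_resource`) use 284, so `"cwe": "284"` would be consistent. As it stands, anyone triaging by CWE would file this finding under injection-style issues instead of access control.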
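Review bot: `low_rds_backup_retention_period` gets `"cwe": "778",` (Insufficient Logging), and `rds_db_instance_with_deletion_protection_disabled` further down gets `"cwe": "459"` (Incomplete Cleanup); neither id describes a recoverability or accidental-deletion control. Going by the query names, these are availability and data-loss findings, and a logging or cleanup id will route them to the wrong owners. If no closer entry is agreed on, a general one such as CWE-693 (Protection Mechanism Failure), e.g. `"cwe": "693",`, would mislead less; the choice should be confirmed against the rule descriptions, which are not in this patch.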
+++ b/assets/queries/cloudFormation/aws/mq_broker_logging_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "3799829c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/msk_broker_is_publicly_accessible/metadata.json b/assets/queries/cloudFormation/aws/msk_broker_is_publicly_accessible/metadata.json
index 5930ad53e0d..0e17ecd30ba 100644
--- a/assets/queries/cloudFormation/aws/msk_broker_is_publicly_accessible/metadata.json
+++ b/assets/queries/cloudFormation/aws/msk_broker_is_publicly_accessible/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "dcf6ab9f",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/msk_cluster_encryption_disabled/metadata.json b/assets/queries/cloudFormation/aws/msk_cluster_encryption_disabled/metadata.json
index 83ebc6e8034..3ab62de2070 100644
--- a/assets/queries/cloudFormation/aws/msk_cluster_encryption_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/msk_cluster_encryption_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "c8e65b67",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "319"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/msk_cluster_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/msk_cluster_logging_disabled/metadata.json
index 0df10c00a43..50d902e4083 100644
--- a/assets/queries/cloudFormation/aws/msk_cluster_logging_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/msk_cluster_logging_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "1d9a0a75",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
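Review bot: `msk_broker_is_publicly_accessible` uses `"cwe": "284"` while the other public-exposure queries in this patch, `mq_broker_is_publicly_accessible` and `rds_db_instance_publicly_accessible`, use 668 (Exposure of Resource to Wrong Sphere). Putting the same class of finding under two ids splits the results when they are filtered or counted by CWE. `"cwe": "668"` on the MSK line would align it with its siblings.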
diff --git a/assets/queries/cloudFormation/aws/neptune_cluster_with_iam_database_authentication_disabled/metadata.json b/assets/queries/cloudFormation/aws/neptune_cluster_with_iam_database_authentication_disabled/metadata.json
index 2f4c213653c..6de36e5e89d 100644
--- a/assets/queries/cloudFormation/aws/neptune_cluster_with_iam_database_authentication_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/neptune_cluster_with_iam_database_authentication_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "39cddadb",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "285",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/neptune_database_cluster_encryption_disabled/metadata.json b/assets/queries/cloudFormation/aws/neptune_database_cluster_encryption_disabled/metadata.json
index fcaa5fe8f77..791a64a5aed 100644
--- a/assets/queries/cloudFormation/aws/neptune_database_cluster_encryption_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/neptune_database_cluster_encryption_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "b2c5f5dd",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "312",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/public_lambda_via_api_gateway/metadata.json b/assets/queries/cloudFormation/aws/public_lambda_via_api_gateway/metadata.json
index 987427b0fdb..e203dbfc6eb 100644
--- a/assets/queries/cloudFormation/aws/public_lambda_via_api_gateway/metadata.json
+++ b/assets/queries/cloudFormation/aws/public_lambda_via_api_gateway/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "32ccc415",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/rds_associated_with_public_subnet/metadata.json b/assets/queries/cloudFormation/aws/rds_associated_with_public_subnet/metadata.json
index ad13275a7d9..08283cf7563 100644
--- a/assets/queries/cloudFormation/aws/rds_associated_with_public_subnet/metadata.json
+++ b/assets/queries/cloudFormation/aws/rds_associated_with_public_subnet/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "be2d1742",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "200",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/rds_db_instance_publicly_accessible/metadata.json b/assets/queries/cloudFormation/aws/rds_db_instance_publicly_accessible/metadata.json
index 3649c69f3d7..a0c8cc5118a 100644
--- a/assets/queries/cloudFormation/aws/rds_db_instance_publicly_accessible/metadata.json
+++ b/assets/queries/cloudFormation/aws/rds_db_instance_publicly_accessible/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "dae1e8ab",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "668",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/rds_db_instance_with_deletion_protection_disabled/metadata.json b/assets/queries/cloudFormation/aws/rds_db_instance_with_deletion_protection_disabled/metadata.json
index 986502d7792..ef23d74ca65 100644
--- a/assets/queries/cloudFormation/aws/rds_db_instance_with_deletion_protection_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/rds_db_instance_with_deletion_protection_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "606a0602",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "459"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/rds_multi_az_deployment_disabled/metadata.json b/assets/queries/cloudFormation/aws/rds_multi_az_deployment_disabled/metadata.json
index c60db4f8f2d..52ed4b48f42 100644
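Review bot: `"cwe": "459"` on rds_db_instance_with_deletion_protection_disabled is Incomplete Cleanup, which concerns resources left behind after use, not a database that can be deleted without a safeguard. rds_multi_az_deployment_disabled in the next file gets 284 (Improper Access Control) although, by its name, it is an availability setting. If the project wants a CWE on such configuration-hardening checks, 1188 (Initialization of a Resource with an Insecure Default), already used elsewhere in this patch, seems the closer fit: `"cwe": "1188"`. The query descriptions are outside the hunks, so confirm against them.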
--- a/assets/queries/cloudFormation/aws/rds_multi_az_deployment_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/rds_multi_az_deployment_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "4bdb6677",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/rds_storage_encryption_disabled/metadata.json b/assets/queries/cloudFormation/aws/rds_storage_encryption_disabled/metadata.json
index 0171e30133f..e0d2134a36f 100644
--- a/assets/queries/cloudFormation/aws/rds_storage_encryption_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/rds_storage_encryption_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "654ec248",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "312",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/rds_storage_not_encrypted/metadata.json b/assets/queries/cloudFormation/aws/rds_storage_not_encrypted/metadata.json
index aee5118756b..984f73d6e62 100644
--- a/assets/queries/cloudFormation/aws/rds_storage_not_encrypted/metadata.json
+++ b/assets/queries/cloudFormation/aws/rds_storage_not_encrypted/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "f052de92",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "312"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/rds_using_default_port/metadata.json b/assets/queries/cloudFormation/aws/rds_using_default_port/metadata.json
index b156801d81c..b4791c7ee1d 100644
--- a/assets/queries/cloudFormation/aws/rds_using_default_port/metadata.json
+++ b/assets/queries/cloudFormation/aws/rds_using_default_port/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "b5d8d0b5",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/rds_with_backup_disabled/metadata.json b/assets/queries/cloudFormation/aws/rds_with_backup_disabled/metadata.json
index 85cbd7d34bf..8e1f32d4c4d 100644
--- a/assets/queries/cloudFormation/aws/rds_with_backup_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/rds_with_backup_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "4ebe02ca",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "754"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/redshift_cluster_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/redshift_cluster_logging_disabled/metadata.json
index c844017ca0b..62b3eca621a 100644
--- a/assets/queries/cloudFormation/aws/redshift_cluster_logging_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/redshift_cluster_logging_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "b84206ae",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/redshift_cluster_without_kms_cmk/metadata.json b/assets/queries/cloudFormation/aws/redshift_cluster_without_kms_cmk/metadata.json
index aa85d77b917..41153af7287 100644
--- a/assets/queries/cloudFormation/aws/redshift_cluster_without_kms_cmk/metadata.json
+++ b/assets/queries/cloudFormation/aws/redshift_cluster_without_kms_cmk/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "e460a7a7",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/redshift_not_encrypted/metadata.json b/assets/queries/cloudFormation/aws/redshift_not_encrypted/metadata.json
index 0658761aa1f..d2b4a51cdd7 100644
--- a/assets/queries/cloudFormation/aws/redshift_not_encrypted/metadata.json
+++ b/assets/queries/cloudFormation/aws/redshift_not_encrypted/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "5605695c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/redshift_publicly_accessible/metadata.json b/assets/queries/cloudFormation/aws/redshift_publicly_accessible/metadata.json
index 8b0700e4fbb..8800e7ecd46 100644
--- a/assets/queries/cloudFormation/aws/redshift_publicly_accessible/metadata.json
+++ b/assets/queries/cloudFormation/aws/redshift_publicly_accessible/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "407e0863",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/redshift_using_default_port/metadata.json b/assets/queries/cloudFormation/aws/redshift_using_default_port/metadata.json
index 47fd792308d..bd14bba52dc 100644
--- a/assets/queries/cloudFormation/aws/redshift_using_default_port/metadata.json
+++ b/assets/queries/cloudFormation/aws/redshift_using_default_port/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "e2aa0fb8",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/refresh_token_is_exposed/metadata.json b/assets/queries/cloudFormation/aws/refresh_token_is_exposed/metadata.json
index 4fe659e7f53..e245091d7de 100644
--- a/assets/queries/cloudFormation/aws/refresh_token_is_exposed/metadata.json
+++ b/assets/queries/cloudFormation/aws/refresh_token_is_exposed/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "c752c5a6",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "522",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/remote_desktop_port_open_to_internet/metadata.json b/assets/queries/cloudFormation/aws/remote_desktop_port_open_to_internet/metadata.json
index 26f621d583f..466a1c1afe6 100644
--- a/assets/queries/cloudFormation/aws/remote_desktop_port_open_to_internet/metadata.json
+++ b/assets/queries/cloudFormation/aws/remote_desktop_port_open_to_internet/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "2e4ef03f",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/root_account_has_active_access_keys/metadata.json b/assets/queries/cloudFormation/aws/root_account_has_active_access_keys/metadata.json
index f6f584c7b72..37f19ceb07b 100644
--- a/assets/queries/cloudFormation/aws/root_account_has_active_access_keys/metadata.json
+++ b/assets/queries/cloudFormation/aws/root_account_has_active_access_keys/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "195ebcdb",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "710"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/route53_record_undefined/metadata.json b/assets/queries/cloudFormation/aws/route53_record_undefined/metadata.json
index 3183d0894d6..2d836f1118f 100644
--- a/assets/queries/cloudFormation/aws/route53_record_undefined/metadata.json
+++ b/assets/queries/cloudFormation/aws/route53_record_undefined/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "268f1d77",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/routertable_with_default_routing/metadata.json b/assets/queries/cloudFormation/aws/routertable_with_default_routing/metadata.json
index 1328d93f0de..108b5074479 100644
--- a/assets/queries/cloudFormation/aws/routertable_with_default_routing/metadata.json
+++ b/assets/queries/cloudFormation/aws/routertable_with_default_routing/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "1f341247",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "710",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
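Review bot: Internet-exposed management ports are mapped three different ways in this patch: remote_desktop_port_open_to_internet gets 668 here, security_groups_unrestricted_access_to_rdp gets 1188 and security_groups_with_unrestricted_access_to_ssh gets 284. The port-range pair diverges the same way, with security_group_egress_with_port_range at 668 and security_group_ingress_with_port_range at 665. Choose one id per finding class so that a CWE filter returns every security-group exposure, e.g. `"cwe": "668"` throughout.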
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_access_to_any_principal/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_access_to_any_principal/metadata.json
index 6540daa7718..a0e1ac12050 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_access_to_any_principal/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_access_to_any_principal/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "9a57423d",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_or_write_to_all_users/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_or_write_to_all_users/metadata.json
index e5c2b86a2e0..e7d59d78b34 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_or_write_to_all_users/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_or_write_to_all_users/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "68456465",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "732",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_to_all_users/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_to_all_users/metadata.json
index f3e81e65695..d33c31284c0 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_to_all_users/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_to_all_users/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "cfd67020",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_to_any_authenticated_user/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_to_any_authenticated_user/metadata.json
index b905d2dc2f6..ce33a6b1447 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_to_any_authenticated_user/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_acl_allows_read_to_any_authenticated_user/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "25d149a4",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_allows_delete_actions_from_all_principals/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_allows_delete_actions_from_all_principals/metadata.json
index be05f1221f8..733e745bce9 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_allows_delete_actions_from_all_principals/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_allows_delete_actions_from_all_principals/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "0a34aa34",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "732",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_allows_get_actions_from_all_principals/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_allows_get_actions_from_all_principals/metadata.json
index a3acc3c74c9..4e762280aaa 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_allows_get_actions_from_all_principals/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_allows_get_actions_from_all_principals/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "5d8cf376",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_allows_list_actions_from_all_principals/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_allows_list_actions_from_all_principals/metadata.json
index cafee939c32..7211a2f42a8 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_allows_list_actions_from_all_principals/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_allows_list_actions_from_all_principals/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "755801fc",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_allows_public_acl/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_allows_public_acl/metadata.json
index 4b05c7961f1..9afb979b1e3 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_allows_public_acl/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_allows_public_acl/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "f962a2d5",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_allows_put_actions_from_all_principals/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_allows_put_actions_from_all_principals/metadata.json
index 52df5c4707f..7c616084b44 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_allows_put_actions_from_all_principals/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_allows_put_actions_from_all_principals/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "9d094f81",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "732",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_allows_restore_actions_from_all_principals/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_allows_restore_actions_from_all_principals/metadata.json
index 0b51a6ac54d..0b8e11feb79 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_allows_restore_actions_from_all_principals/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_allows_restore_actions_from_all_principals/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "0a41482e",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "732"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_cloudtrail_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_cloudtrail_logging_disabled/metadata.json
index b0c2256e1f1..fd922cf472a 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_cloudtrail_logging_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_cloudtrail_logging_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "00649261",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_logging_disabled/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_logging_disabled/metadata.json
index 849918c97ed..5f6c39d631c 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_logging_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_logging_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "ce3728e6",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_should_have_bucket_policy/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_should_have_bucket_policy/metadata.json
index 1aceb38b447..ff3c94b9411 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_should_have_bucket_policy/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_should_have_bucket_policy/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "2b429546",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "665",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_with_all_permissions/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_with_all_permissions/metadata.json
index fe5990a5f46..c806569728c 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_with_all_permissions/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_with_all_permissions/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "65883f5a",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "732",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_with_public_policy/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_with_public_policy/metadata.json
index c893ece6f64..f88fbf6c1dc 100755
--- a/assets/queries/cloudFormation/aws/s3_bucket_with_public_policy/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_with_public_policy/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "bfe99abf",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_with_unsecured_cors_rule/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_with_unsecured_cors_rule/metadata.json
index 784c3c4e63b..98c72e9ce48 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_with_unsecured_cors_rule/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_with_unsecured_cors_rule/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "f616509e",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "710",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_without_ignore_public_acl/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_without_ignore_public_acl/metadata.json
index 1136b367d13..828515945cc 100755
--- a/assets/queries/cloudFormation/aws/s3_bucket_without_ignore_public_acl/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_without_ignore_public_acl/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "74146c20",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "668",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_without_restriction_of_public_bucket/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_without_restriction_of_public_bucket/metadata.json
index b8ce71f590a..a83d9776008 100755
--- a/assets/queries/cloudFormation/aws/s3_bucket_without_restriction_of_public_bucket/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_without_restriction_of_public_bucket/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "f9a4d93a",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_without_server_side_encryption/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_without_server_side_encryption/metadata.json
index faab71247df..0b86d8360b4 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_without_server_side_encryption/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_without_server_side_encryption/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "314a460b",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_without_ssl_in_write_actions/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_without_ssl_in_write_actions/metadata.json
index 81314fa57ab..80677c1c6d5 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_without_ssl_in_write_actions/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_without_ssl_in_write_actions/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "907676d7",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "319",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_bucket_without_versioning/metadata.json b/assets/queries/cloudFormation/aws/s3_bucket_without_versioning/metadata.json
index b2842d7b4e9..ae56c435364 100644
--- a/assets/queries/cloudFormation/aws/s3_bucket_without_versioning/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_bucket_without_versioning/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "fe2c56b9",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "326"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/s3_static_website_host_enabled/metadata.json b/assets/queries/cloudFormation/aws/s3_static_website_host_enabled/metadata.json
index 762e864da3f..244b19cf93c 100644
--- a/assets/queries/cloudFormation/aws/s3_static_website_host_enabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/s3_static_website_host_enabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "b50aab99",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sagemaker_data_encryption_disabled/metadata.json b/assets/queries/cloudFormation/aws/sagemaker_data_encryption_disabled/metadata.json
index da776bca78b..8a507b74c07 100644
--- a/assets/queries/cloudFormation/aws/sagemaker_data_encryption_disabled/metadata.json
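Review bot: `"cwe": "326"` is Inadequate Encryption Strength, but s3_bucket_without_versioning is, by its name, about object versioning rather than cryptography. sagemaker_notebook_not_placed_in_vpc likewise gets 311 (Missing Encryption of Sensitive Data) for what reads as a network-placement check; sagemaker_enabling_internet_access uses 284 in this patch, so `"cwe": "284",` would at least be consistent there. Encryption ids on non-encryption findings will inflate crypto-related counts in any report grouped by CWE. Both readings rest on directory names, as the query text is outside the hunks.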
+++ b/assets/queries/cloudFormation/aws/sagemaker_data_encryption_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "41b14673",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "312"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sagemaker_enabling_internet_access/metadata.json b/assets/queries/cloudFormation/aws/sagemaker_enabling_internet_access/metadata.json
index df379d8e707..ecb18cb1520 100644
--- a/assets/queries/cloudFormation/aws/sagemaker_enabling_internet_access/metadata.json
+++ b/assets/queries/cloudFormation/aws/sagemaker_enabling_internet_access/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "6e8543a2",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sagemaker_endpoint_config_should_specify_kms_key_id_attribute/metadata.json b/assets/queries/cloudFormation/aws/sagemaker_endpoint_config_should_specify_kms_key_id_attribute/metadata.json
index 8ce87b0005f..14feb6a6036 100644
--- a/assets/queries/cloudFormation/aws/sagemaker_endpoint_config_should_specify_kms_key_id_attribute/metadata.json
+++ b/assets/queries/cloudFormation/aws/sagemaker_endpoint_config_should_specify_kms_key_id_attribute/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "7c9fa4bf",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "311"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sagemaker_notebook_not_placed_in_vpc/metadata.json b/assets/queries/cloudFormation/aws/sagemaker_notebook_not_placed_in_vpc/metadata.json
index 3c51517677d..5a663b59e10 100644
--- a/assets/queries/cloudFormation/aws/sagemaker_notebook_not_placed_in_vpc/metadata.json
+++ b/assets/queries/cloudFormation/aws/sagemaker_notebook_not_placed_in_vpc/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "d062ca53",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sdb_domain_declared_as_a_resource/metadata.json b/assets/queries/cloudFormation/aws/sdb_domain_declared_as_a_resource/metadata.json
index 4a84566f484..b3871991a9d 100644
--- a/assets/queries/cloudFormation/aws/sdb_domain_declared_as_a_resource/metadata.json
+++ b/assets/queries/cloudFormation/aws/sdb_domain_declared_as_a_resource/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "e6c6a7cf",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/secrets_manager_should_specify_kms_key_id/metadata.json b/assets/queries/cloudFormation/aws/secrets_manager_should_specify_kms_key_id/metadata.json
index 8ff6d30a77b..a3240c68d67 100644
--- a/assets/queries/cloudFormation/aws/secrets_manager_should_specify_kms_key_id/metadata.json
+++ b/assets/queries/cloudFormation/aws/secrets_manager_should_specify_kms_key_id/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "d78bb871",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "326",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/secure_ciphers_disabled/metadata.json b/assets/queries/cloudFormation/aws/secure_ciphers_disabled/metadata.json
index e240895df15..19693b0c389 100644
--- a/assets/queries/cloudFormation/aws/secure_ciphers_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/secure_ciphers_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "9ce51226",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "326",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_group_egress_cidr_open_to_world/metadata.json b/assets/queries/cloudFormation/aws/security_group_egress_cidr_open_to_world/metadata.json
index ef6b9ad3076..ee98a3f5de1 100644
--- a/assets/queries/cloudFormation/aws/security_group_egress_cidr_open_to_world/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_group_egress_cidr_open_to_world/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "ec506916",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_group_egress_with_all_protocols/metadata.json b/assets/queries/cloudFormation/aws/security_group_egress_with_all_protocols/metadata.json
index 4097626bd8c..6977d44acab 100644
--- a/assets/queries/cloudFormation/aws/security_group_egress_with_all_protocols/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_group_egress_with_all_protocols/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "b3e66493",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_group_egress_with_port_range/metadata.json b/assets/queries/cloudFormation/aws/security_group_egress_with_port_range/metadata.json
index 9abc01e64b1..707dc5f4aa9 100644
--- a/assets/queries/cloudFormation/aws/security_group_egress_with_port_range/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_group_egress_with_port_range/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "af27e909",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_group_ingress_has_cidr_not_recommended/metadata.json b/assets/queries/cloudFormation/aws/security_group_ingress_has_cidr_not_recommended/metadata.json
index 745234f2ec2..365e0c31b36 100644
--- a/assets/queries/cloudFormation/aws/security_group_ingress_has_cidr_not_recommended/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_group_ingress_has_cidr_not_recommended/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "443ba8e1",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_group_ingress_with_all_protocols/metadata.json b/assets/queries/cloudFormation/aws/security_group_ingress_with_all_protocols/metadata.json
index a6569aea7d8..699ce30909e 100644
--- a/assets/queries/cloudFormation/aws/security_group_ingress_with_all_protocols/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_group_ingress_with_all_protocols/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "c067ceb5",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "200"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_group_ingress_with_port_range/metadata.json b/assets/queries/cloudFormation/aws/security_group_ingress_with_port_range/metadata.json
index e7981e4a023..d46187c57fb 100644
--- a/assets/queries/cloudFormation/aws/security_group_ingress_with_port_range/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_group_ingress_with_port_range/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "5f2b65f3",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_group_rule_without_description/metadata.json b/assets/queries/cloudFormation/aws/security_group_rule_without_description/metadata.json
index a247f4c3882..c0576f16e7c 100644
--- a/assets/queries/cloudFormation/aws/security_group_rule_without_description/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_group_rule_without_description/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "f7c62b11",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "710"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_groups_allows_unrestricted_outbound_traffic/metadata.json b/assets/queries/cloudFormation/aws/security_groups_allows_unrestricted_outbound_traffic/metadata.json
index 6e2f5b92baa..478b94deb22 100644
--- a/assets/queries/cloudFormation/aws/security_groups_allows_unrestricted_outbound_traffic/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_groups_allows_unrestricted_outbound_traffic/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "05891eb1",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "200",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_groups_unrestricted_access_to_rdp/metadata.json b/assets/queries/cloudFormation/aws/security_groups_unrestricted_access_to_rdp/metadata.json
index d9a1ac8c09c..3a11c281a13 100644
--- a/assets/queries/cloudFormation/aws/security_groups_unrestricted_access_to_rdp/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_groups_unrestricted_access_to_rdp/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "ee6a21e3",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "1188"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_groups_with_exhibited_admin_ports/metadata.json b/assets/queries/cloudFormation/aws/security_groups_with_exhibited_admin_ports/metadata.json
index 500db42ccca..9a7ad5994ac 100644
--- a/assets/queries/cloudFormation/aws/security_groups_with_exhibited_admin_ports/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_groups_with_exhibited_admin_ports/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "e14121d4",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
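Review bot: security_groups_unrestricted_access_to_rdp/metadata.json is mapped to `"cwe": "1188"`, but the equivalent SSH query, security_groups_with_unrestricted_access_to_ssh, is mapped to `"cwe": "284"` in a later hunk. Both names describe a remote-administration port reachable without restriction, which reads as an access-control or exposure problem rather than an insecure default at initialisation. Suggest `"cwe": "284"` here (or 668, as used for security_groups_with_exhibited_admin_ports) so the two remote-access findings aggregate together.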
diff --git a/assets/queries/cloudFormation/aws/security_groups_with_meta_ip/metadata.json b/assets/queries/cloudFormation/aws/security_groups_with_meta_ip/metadata.json
index 01881403139..8df08525f27 100644
--- a/assets/queries/cloudFormation/aws/security_groups_with_meta_ip/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_groups_with_meta_ip/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "868a9ec5",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_groups_with_unrestricted_access_to_ssh/metadata.json b/assets/queries/cloudFormation/aws/security_groups_with_unrestricted_access_to_ssh/metadata.json
index 7bb63bd326f..a6f7eb84b7f 100644
--- a/assets/queries/cloudFormation/aws/security_groups_with_unrestricted_access_to_ssh/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_groups_with_unrestricted_access_to_ssh/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "d515d6dc",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/security_groups_without_vpc_attached/metadata.json b/assets/queries/cloudFormation/aws/security_groups_without_vpc_attached/metadata.json
index 7a5ac2c5c5a..b409ab848c0 100644
--- a/assets/queries/cloudFormation/aws/security_groups_without_vpc_attached/metadata.json
+++ b/assets/queries/cloudFormation/aws/security_groups_without_vpc_attached/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "8664bd98",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "665",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/shield_advanced_not_in_use/metadata.json b/assets/queries/cloudFormation/aws/shield_advanced_not_in_use/metadata.json
index 5dd67aff3f1..b921b13de70 100644
--- a/assets/queries/cloudFormation/aws/shield_advanced_not_in_use/metadata.json
+++ b/assets/queries/cloudFormation/aws/shield_advanced_not_in_use/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "ae5e799c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sns_topic_is_publicly_accessible/metadata.json b/assets/queries/cloudFormation/aws/sns_topic_is_publicly_accessible/metadata.json
index b4aa3d65449..9b0216ddc4f 100644
--- a/assets/queries/cloudFormation/aws/sns_topic_is_publicly_accessible/metadata.json
+++ b/assets/queries/cloudFormation/aws/sns_topic_is_publicly_accessible/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "93100b84",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "284",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sns_topic_publicity_has_allow_and_not_action_simultaneously/metadata.json b/assets/queries/cloudFormation/aws/sns_topic_publicity_has_allow_and_not_action_simultaneously/metadata.json
index 74a5b8685fc..f8bdc03b152 100644
--- a/assets/queries/cloudFormation/aws/sns_topic_publicity_has_allow_and_not_action_simultaneously/metadata.json
+++ b/assets/queries/cloudFormation/aws/sns_topic_publicity_has_allow_and_not_action_simultaneously/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "a4bd80b0",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sns_topic_without_kms_master_key_id/metadata.json b/assets/queries/cloudFormation/aws/sns_topic_without_kms_master_key_id/metadata.json
index 3746eb93ef6..4d9c0cfcc57 100644
--- a/assets/queries/cloudFormation/aws/sns_topic_without_kms_master_key_id/metadata.json
+++ b/assets/queries/cloudFormation/aws/sns_topic_without_kms_master_key_id/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "a8a19ba3",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "326",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sqs_policy_with_public_access/metadata.json b/assets/queries/cloudFormation/aws/sqs_policy_with_public_access/metadata.json
index 0db55208ef7..8d694aec486 100644
--- a/assets/queries/cloudFormation/aws/sqs_policy_with_public_access/metadata.json
+++ b/assets/queries/cloudFormation/aws/sqs_policy_with_public_access/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "a232933e",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/sqs_with_sse_disabled/metadata.json b/assets/queries/cloudFormation/aws/sqs_with_sse_disabled/metadata.json
index 85538edb654..c8c61bdcaae 100644
--- a/assets/queries/cloudFormation/aws/sqs_with_sse_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/sqs_with_sse_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "7c3c1b44",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "319"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/stack_notifications_disabled/metadata.json b/assets/queries/cloudFormation/aws/stack_notifications_disabled/metadata.json
index b143ea93647..e078aa13c17 100644
--- a/assets/queries/cloudFormation/aws/stack_notifications_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/stack_notifications_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "1e12925e",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/stack_retention_disabled/metadata.json b/assets/queries/cloudFormation/aws/stack_retention_disabled/metadata.json
index 7840c35d17c..ee2b0df2d4e 100644
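Review bot: Both at-rest encryption queries in this stretch get a CWE that describes a different problem: sns_topic_without_kms_master_key_id is `"cwe": "326"` (inadequate encryption strength) and sqs_with_sse_disabled is `"cwe": "319"` (cleartext transmission). Going by the query names, what is flagged is encryption missing on stored messages, not weak or in-transit encryption. This patch already uses `"cwe": "311"` for workspace_without_encryption, and the same id fits both files here.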
--- a/assets/queries/cloudFormation/aws/stack_retention_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/stack_retention_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "2f8bf223",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "404"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/support_has_no_role_associated/metadata.json b/assets/queries/cloudFormation/aws/support_has_no_role_associated/metadata.json
index 34f3c19eded..ee9886b22f7 100644
--- a/assets/queries/cloudFormation/aws/support_has_no_role_associated/metadata.json
+++ b/assets/queries/cloudFormation/aws/support_has_no_role_associated/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "42d28f69",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/tcp_or_udp_protocol_network_acl_entry_allows_all_ports/metadata.json b/assets/queries/cloudFormation/aws/tcp_or_udp_protocol_network_acl_entry_allows_all_ports/metadata.json
index 871dac58775..f2c4428d9d4 100644
--- a/assets/queries/cloudFormation/aws/tcp_or_udp_protocol_network_acl_entry_allows_all_ports/metadata.json
+++ b/assets/queries/cloudFormation/aws/tcp_or_udp_protocol_network_acl_entry_allows_all_ports/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "51ad2aeb",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
diff --git a/assets/queries/cloudFormation/aws/unknown_port_exposed_to_internet/metadata.json b/assets/queries/cloudFormation/aws/unknown_port_exposed_to_internet/metadata.json
index 788b8608881..daf76d9a8ae 100644
--- a/assets/queries/cloudFormation/aws/unknown_port_exposed_to_internet/metadata.json
+++ b/assets/queries/cloudFormation/aws/unknown_port_exposed_to_internet/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "0cc0a902",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/unrestricted_security_group_ingress/metadata.json b/assets/queries/cloudFormation/aws/unrestricted_security_group_ingress/metadata.json
index 573e715f4b5..8b57f85180d 100644
--- a/assets/queries/cloudFormation/aws/unrestricted_security_group_ingress/metadata.json
+++ b/assets/queries/cloudFormation/aws/unrestricted_security_group_ingress/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "08256d31",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/unscanned_ecr_image/metadata.json b/assets/queries/cloudFormation/aws/unscanned_ecr_image/metadata.json
index 0ff4cac917e..26ea7f92cff 100644
--- a/assets/queries/cloudFormation/aws/unscanned_ecr_image/metadata.json
+++ b/assets/queries/cloudFormation/aws/unscanned_ecr_image/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "f3f139c0",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "693",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/user_data_contains_encoded_private_key/metadata.json b/assets/queries/cloudFormation/aws/user_data_contains_encoded_private_key/metadata.json
index e2c3fc40e1a..1e1265be38f 100644
--- a/assets/queries/cloudFormation/aws/user_data_contains_encoded_private_key/metadata.json
+++ b/assets/queries/cloudFormation/aws/user_data_contains_encoded_private_key/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "b8212287",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "326"
 }
\ No newline at end of file
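Review bot: user_data_contains_encoded_private_key/metadata.json is tagged `"cwe": "326"`, which is about inadequate encryption strength, whereas the query name describes key material embedded in instance user data. That is a secret-in-configuration weakness; `"cwe": "321"` (use of hard-coded cryptographic key) or `"cwe": "798"` describes it more closely. Triage that filters on credential-exposure CWEs would otherwise miss this finding.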
diff --git a/assets/queries/cloudFormation/aws/user_iam_missing_password_reset_required/metadata.json b/assets/queries/cloudFormation/aws/user_iam_missing_password_reset_required/metadata.json
index 448f1c94e46..8bc1e39c651 100644
--- a/assets/queries/cloudFormation/aws/user_iam_missing_password_reset_required/metadata.json
+++ b/assets/queries/cloudFormation/aws/user_iam_missing_password_reset_required/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "a44edc48",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "710"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/vpc_attached_with_too_many_gateways/metadata.json b/assets/queries/cloudFormation/aws/vpc_attached_with_too_many_gateways/metadata.json
index 886d338fa7b..b36bcf1231a 100644
--- a/assets/queries/cloudFormation/aws/vpc_attached_with_too_many_gateways/metadata.json
+++ b/assets/queries/cloudFormation/aws/vpc_attached_with_too_many_gateways/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "1370ae52",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/vpc_flowlogs_disabled/metadata.json b/assets/queries/cloudFormation/aws/vpc_flowlogs_disabled/metadata.json
index d43638df4a8..e8186590b42 100644
--- a/assets/queries/cloudFormation/aws/vpc_flowlogs_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws/vpc_flowlogs_disabled/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "0fb02ca5",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "778",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/vpc_without_attached_subnet/metadata.json b/assets/queries/cloudFormation/aws/vpc_without_attached_subnet/metadata.json
index 1ca1e6d6156..9e3ddd1448e 100644
--- a/assets/queries/cloudFormation/aws/vpc_without_attached_subnet/metadata.json
+++ b/assets/queries/cloudFormation/aws/vpc_without_attached_subnet/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "23dfbed0",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/vpc_without_network_firewall/metadata.json b/assets/queries/cloudFormation/aws/vpc_without_network_firewall/metadata.json
index 1599c804e90..01f2e7d6fb1 100644
--- a/assets/queries/cloudFormation/aws/vpc_without_network_firewall/metadata.json
+++ b/assets/queries/cloudFormation/aws/vpc_without_network_firewall/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "f090ffd2",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "665"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/vulnerable_default_ssl_certificate/metadata.json b/assets/queries/cloudFormation/aws/vulnerable_default_ssl_certificate/metadata.json
index 193e0970e58..52e27107d6f 100644
--- a/assets/queries/cloudFormation/aws/vulnerable_default_ssl_certificate/metadata.json
+++ b/assets/queries/cloudFormation/aws/vulnerable_default_ssl_certificate/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "ee3b82bc",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "295",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/webacl_allow_defaultaction/metadata.json b/assets/queries/cloudFormation/aws/webacl_allow_defaultaction/metadata.json
index a4cd2797a28..a9b97b90e0a 100644
--- a/assets/queries/cloudFormation/aws/webacl_allow_defaultaction/metadata.json
+++ b/assets/queries/cloudFormation/aws/webacl_allow_defaultaction/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "e4327168",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "284"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/wildcard_in_acm_certificate_domain_name/metadata.json b/assets/queries/cloudFormation/aws/wildcard_in_acm_certificate_domain_name/metadata.json
index 90cf2b9e243..a574a06bf6f 100644
--- a/assets/queries/cloudFormation/aws/wildcard_in_acm_certificate_domain_name/metadata.json
+++ b/assets/queries/cloudFormation/aws/wildcard_in_acm_certificate_domain_name/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "0affe61c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "155"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws/workspace_without_encryption/metadata.json b/assets/queries/cloudFormation/aws/workspace_without_encryption/metadata.json
index 317f1d6c62f..499761abe71 100644
--- a/assets/queries/cloudFormation/aws/workspace_without_encryption/metadata.json
+++ b/assets/queries/cloudFormation/aws/workspace_without_encryption/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "ed0be490",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/cassandra/metadata.json b/assets/queries/cloudFormation/aws_bom/cassandra/metadata.json
index e60d1750fb8..8a752e671ad 100644
--- a/assets/queries/cloudFormation/aws_bom/cassandra/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/cassandra/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "bd2db07c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/dynamo/metadata.json b/assets/queries/cloudFormation/aws_bom/dynamo/metadata.json
index f5759298d7e..fc92ad26c38 100644
--- a/assets/queries/cloudFormation/aws_bom/dynamo/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/dynamo/metadata.json
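Review bot: `"cwe": "155"` on wildcard_in_acm_certificate_domain_name/metadata.json looks like a keyword match rather than a fit, since CWE-155 covers failure to neutralise wildcard characters in input passed to another component. A wildcard domain in a certificate is a decision about which hosts the certificate covers, not an input-handling flaw. A certificate-related id such as the `"cwe": "295"` this patch gives vulnerable_default_ssl_certificate, or a broad-exposure id, would mislead downstream consumers less; worth confirming with whoever owns the mapping.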
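Review bot: aws_bom/cassandra/metadata.json gets `"cwe": "532"` (sensitive information written to a log file), and the same value is repeated in the aws_bom hunks that follow (dynamo, ebs, efs, elasticache, kinesis, mq, msk, rds, s3_bucket, sns, sqs). Judging by the directory name these are bill-of-materials queries that list resources rather than flag a weakness, so a blanket weakness id would make every inventoried resource appear under CWE-532 in reports. If that reading is right, keeping `"cwe": ""` on these files, or recording why 532 was chosen, would be more accurate.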
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "b0d40495",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/ebs/metadata.json b/assets/queries/cloudFormation/aws_bom/ebs/metadata.json
index cd09b96f3d7..579e72a814e 100644
--- a/assets/queries/cloudFormation/aws_bom/ebs/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/ebs/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "6869b929",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/efs/metadata.json b/assets/queries/cloudFormation/aws_bom/efs/metadata.json
index 2b42e242649..6d33d61e87a 100644
--- a/assets/queries/cloudFormation/aws_bom/efs/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/efs/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "f6d4e4b8",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/elasticache/metadata.json b/assets/queries/cloudFormation/aws_bom/elasticache/metadata.json
index d42939392e9..b48f7955eb4 100644
--- a/assets/queries/cloudFormation/aws_bom/elasticache/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/elasticache/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "deea2b5c",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/kinesis/metadata.json b/assets/queries/cloudFormation/aws_bom/kinesis/metadata.json
index b8c4b514850..961fa67f929 100644
--- a/assets/queries/cloudFormation/aws_bom/kinesis/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/kinesis/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "4b8f3b90",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/mq/metadata.json b/assets/queries/cloudFormation/aws_bom/mq/metadata.json
index 908e2e7f23c..efa0a661e6e 100644
--- a/assets/queries/cloudFormation/aws_bom/mq/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/mq/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "93a9e162",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/msk/metadata.json b/assets/queries/cloudFormation/aws_bom/msk/metadata.json
index a43bf5f63e9..3949fcf47dd 100644
--- a/assets/queries/cloudFormation/aws_bom/msk/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/msk/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "7413f967",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/rds/metadata.json b/assets/queries/cloudFormation/aws_bom/rds/metadata.json
index d4de5916a61..e5fbb4d8307 100644
--- a/assets/queries/cloudFormation/aws_bom/rds/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/rds/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "77215b57",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/s3_bucket/metadata.json b/assets/queries/cloudFormation/aws_bom/s3_bucket/metadata.json
index 9b3a98dd2e3..eecf9a93378 100644
--- a/assets/queries/cloudFormation/aws_bom/s3_bucket/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/s3_bucket/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "a46851fb",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/sns/metadata.json b/assets/queries/cloudFormation/aws_bom/sns/metadata.json
index f083d84a9ce..15e0e1c02a0 100644
--- a/assets/queries/cloudFormation/aws_bom/sns/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/sns/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "3cd7a815",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_bom/sqs/metadata.json b/assets/queries/cloudFormation/aws_bom/sqs/metadata.json
index 5b26719029d..600034554c0 100644
--- a/assets/queries/cloudFormation/aws_bom/sqs/metadata.json
+++ b/assets/queries/cloudFormation/aws_bom/sqs/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "c57e306b",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "532"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_api_access_logging_setting_undefined/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_api_access_logging_setting_undefined/metadata.json
index 667787125be..1abab5e791b 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_api_access_logging_setting_undefined/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_api_access_logging_setting_undefined/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "b2bb4961",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_api_cache_cluster_disabled/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_api_cache_cluster_disabled/metadata.json
index 12ad0d645d3..c3461d883ad 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_api_cache_cluster_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_api_cache_cluster_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "1ce59cab",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
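Review bot: serverless_api_cache_cluster_disabled/metadata.json is given `"cwe": "778"` (insufficient logging), the same id as the access-logging and X-Ray tracing queries around it. A disabled cache cluster is not a logging gap; the name points at availability or resource use instead. If no closer fit exists, a generic configuration id such as the `"cwe": "665"` used elsewhere in this patch would at least avoid reporting the finding as a logging weakness.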
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_api_endpoint_config_not_private/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_api_endpoint_config_not_private/metadata.json
index 613ec5cd1e2..8510b4fc6aa 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_api_endpoint_config_not_private/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_api_endpoint_config_not_private/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "f86c03cc",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "668"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_api_without_content_encoding/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_api_without_content_encoding/metadata.json
index d9b3cb2675a..68bd5ffee52 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_api_without_content_encoding/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_api_without_content_encoding/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "745a11d2",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "311",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_api_xray_tracing_disabled/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_api_xray_tracing_disabled/metadata.json
index a403d6f1909..e6eb20f72a5 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_api_xray_tracing_disabled/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_api_xray_tracing_disabled/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "ba685b50",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
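Review bot: serverless_api_without_content_encoding/metadata.json gets `"cwe": "311"` (missing encryption of sensitive data), but content encoding on an API normally means response compression, not encryption. Tagging it 311 would surface the finding in encryption dashboards next to workspace_without_encryption, which overstates it. Unless the query really checks an encryption setting, a non-cryptographic id such as `"cwe": "665"` or `"cwe": "710"`, both already used in this patch, would be closer.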
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_function_environment_variables_not_encrypted/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_function_environment_variables_not_encrypted/metadata.json
index 74de2e74d0e..5b600cb894d 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_function_environment_variables_not_encrypted/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_function_environment_variables_not_encrypted/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "f218e4bc",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "526",
 "oldSeverity": "HIGH"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_function_without_dead_letter_queue/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_function_without_dead_letter_queue/metadata.json
index ca5a8671543..4a12b676a16 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_function_without_dead_letter_queue/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_function_without_dead_letter_queue/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "1142bb9f",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "390"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_function_without_tags/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_function_without_tags/metadata.json
index b4a2662120c..496e781b7e0 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_function_without_tags/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_function_without_tags/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "fa1b224c",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "665",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_function_without_unique_iam_role/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_function_without_unique_iam_role/metadata.json
index ec393a1aaaf..3799267b0e6 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_function_without_unique_iam_role/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_function_without_unique_iam_role/metadata.json
@@ -8,6 +8,6 @@
 "platform": "CloudFormation",
 "descriptionID": "50e760ce",
 "cloudProvider": "aws",
- "cwe": "",
+ "cwe": "269",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file
diff --git a/assets/queries/cloudFormation/aws_sam/serverless_function_without_x-ray_tracing/metadata.json b/assets/queries/cloudFormation/aws_sam/serverless_function_without_x-ray_tracing/metadata.json
index fa6a9b45046..458ef2be317 100644
--- a/assets/queries/cloudFormation/aws_sam/serverless_function_without_x-ray_tracing/metadata.json
+++ b/assets/queries/cloudFormation/aws_sam/serverless_function_without_x-ray_tracing/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "b0a83f52",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "778"
 }
\ No newline at end of file
From 95732f2182f91b276d2f2851a6233d3b1267b53b Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Tue, 2 Jul 2024 17:24:21 +0100
Subject: [PATCH 08/10] update e2e with cwe infos
---
 e2e/fixtures/E2E_CLI_032_RESULT.json | 15 +++++++++++++++
 e2e/fixtures/E2E_CLI_036_RESULT.json | 13 +++++++++++++
 e2e/fixtures/E2E_CLI_036_RESULT_2.json | 1 +
 e2e/fixtures/E2E_CLI_092_RESULT.json | 7 +++++++
 4 files changed, 36 insertions(+)
diff --git a/e2e/fixtures/E2E_CLI_032_RESULT.json b/e2e/fixtures/E2E_CLI_032_RESULT.json
index cd00b4d1138..785af40b9cb 100644
--- a/e2e/fixtures/E2E_CLI_032_RESULT.json
+++ b/e2e/fixtures/E2E_CLI_032_RESULT.json
@@ -32,6 +32,7 @@
 "query_url": "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html#create-a-base-security-group",
 "severity": "HIGH",
 "platform": "CloudFormation",
+ "cwe": "668",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -122,6 +123,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html",
 "severity": "HIGH",
 "platform": "CloudFormation",
+ "cwe": "668",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -162,6 +164,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-webaclassociation.html",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "778",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -189,6 +192,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html#cfn-ec2-elb-listener-protocol",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "319",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -216,6 +220,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "400",
 "cloud_provider": "AWS",
 "category": "Availability",
 "experimental": false,
@@ -243,6 +248,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Insecure Configurations",
 "experimental": false,
@@ -270,6 +276,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupingress",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -297,6 +304,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupegress",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -324,6 +332,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Access Control",
 "experimental": false,
@@ -351,6 +360,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -404,6 +414,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Availability",
 "experimental": false,
@@ -431,6 +442,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "778",
 "cloud_provider": "AWS",
 "category": "Observability",
 "experimental": false,
@@ -471,6 +483,7 @@
 "query_url": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "778",
 "cloud_provider": "AWS",
 "category": "Best Practices",
 "experimental": false,
@@ -498,6 +511,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "326",
 "cloud_provider": "AWS",
 "category": "Secret Management",
 "experimental": false,
@@ -525,6 +539,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html",
 "severity": "INFO",
 "platform": "CloudFormation",
+ "cwe": "710",
 "cloud_provider": "AWS",
 "category": "Best Practices",
 "experimental": false,
diff --git a/e2e/fixtures/E2E_CLI_036_RESULT.json b/e2e/fixtures/E2E_CLI_036_RESULT.json
index 4d1d32d0abe..29860a08d08 100644
--- a/e2e/fixtures/E2E_CLI_036_RESULT.json
+++ b/e2e/fixtures/E2E_CLI_036_RESULT.json
@@ -32,6 +32,7 @@
 "query_url": "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html#create-a-base-security-group",
 "severity": "HIGH",
 "platform": "CloudFormation",
+ "cwe": "668",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -72,6 +73,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html",
 "severity": "HIGH",
 "platform": "CloudFormation",
+ "cwe": "668",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -112,6 +114,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-webaclassociation.html",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "778",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -139,6 +142,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html#cfn-ec2-elb-listener-protocol",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "778",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -166,6 +170,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "400",
 "cloud_provider": "AWS",
 "category": "Availability",
 "experimental": false,
@@ -193,6 +198,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Insecure Configurations",
 "experimental": false,
@@ -220,6 +226,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupingress",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -247,6 +254,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupegress",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
@@ -274,6 +282,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Access Control",
 "experimental": false,
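Review bot: The `-139,6 +142,7` hunk of E2E_CLI_036_RESULT.json gives the finding whose `query_url` ends in `#cfn-ec2-elb-listener-protocol` the value `"cwe": "778"`, while the fixture patched just before this file gives the finding with the same `query_url`, severity and category `"cwe": "319"`. If both entries come from the same query, which the matching fields suggest but the hunks do not prove, one of the two expected results is wrong. 319 (cleartext transmission) fits a listener-protocol check and 778 (insufficient logging) does not, so the line here should probably read `"cwe": "319",`. Regenerating the fixture from a scan instead of editing it by hand would rule out this kind of drift.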
@@ -302,6 +311,7 @@
 "severity": "MEDIUM",
 "platform": "CloudFormation",
 "cloud_provider": "AWS",
+ "cwe": "665",
 "category": "Networking and Firewall",
 "experimental": false,
 "description": "AWS Security Group Ingress should have a single port",
@@ -354,6 +364,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Availability",
 "experimental": false,
@@ -381,6 +392,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "778",
 "cloud_provider": "AWS",
 "category": "Observability",
 "experimental": false,
@@ -421,6 +433,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html",
 "severity": "INFO",
 "platform": "CloudFormation",
+ "cwe": "710",
 "cloud_provider": "AWS",
 "category": "Best Practices",
 "experimental": false,
diff --git a/e2e/fixtures/E2E_CLI_036_RESULT_2.json b/e2e/fixtures/E2E_CLI_036_RESULT_2.json
index b7c73f9d331..f716e88ec5a 100644
--- a/e2e/fixtures/E2E_CLI_036_RESULT_2.json
+++ b/e2e/fixtures/E2E_CLI_036_RESULT_2.json
@@ -32,6 +32,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "665",
 "cloud_provider": "AWS",
 "category": "Networking and Firewall",
 "experimental": false,
diff --git a/e2e/fixtures/E2E_CLI_092_RESULT.json b/e2e/fixtures/E2E_CLI_092_RESULT.json
index 9c6dcb59048..bddc0661f41 100644
--- a/e2e/fixtures/E2E_CLI_092_RESULT.json
+++ b/e2e/fixtures/E2E_CLI_092_RESULT.json
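Review bot: In the `-302,6 +311,7` hunk of E2E_CLI_036_RESULT.json the new `"cwe": "665",` line is inserted after `"cloud_provider"`, whereas the other hunks of this file place it between `"platform"` and `"cloud_provider"`. Key order does not matter to a JSON parser, but the odd position suggests this entry was edited by hand, and it will reappear as churn if the fixture is later regenerated. Moving the line up so that it follows `"platform": "CloudFormation",` keeps the fixture uniform.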
@@ -32,6 +32,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html",
 "severity": "HIGH",
 "platform": "CloudFormation",
+ "cwe": "312",
 "cloud_provider": "AWS",
 "category": "Encryption",
 "experimental": false,
@@ -59,6 +60,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html",
 "severity": "HIGH",
 "platform": "CloudFormation",
+ "cwe": "312",
 "cloud_provider": "AWS",
 "category": "Encryption",
 "experimental": false,
@@ -86,6 +88,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html",
 "severity": "MEDIUM",
 "platform": "CloudFormation",
+ "cwe": "284",
 "cloud_provider": "AWS",
 "category": "Availability",
 "experimental": false,
@@ -113,6 +116,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "710",
 "cloud_provider": "AWS",
 "category": "Best Practices",
 "experimental": false,
@@ -140,6 +144,7 @@
 "query_url": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "778",
 "cloud_provider": "AWS",
 "category": "Best Practices",
 "experimental": false,
@@ -167,6 +172,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "778",
 "cloud_provider": "AWS",
 "category": "Backup",
 "experimental": false,
@@ -194,6 +200,7 @@
 "query_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-deletionprotection",
 "severity": "LOW",
 "platform": "CloudFormation",
+ "cwe": "459",
 "cloud_provider": "AWS",
 "category": "Backup",
 "experimental": false,
From 647e0f2a725f6b2b8463703ded2164051f77c87a Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Wed, 18 Sep 2024 15:54:29 +0100
Subject: [PATCH 09/10] add missing cwe to cloudformation query
---
 .../metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/metadata.json b/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/metadata.json
index 2d8f15bf408..7f4b9323342 100644
--- a/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/metadata.json
+++ b/assets/queries/cloudFormation/aws/dynamodb_with_table_billing_mode_not_recommended/metadata.json
@@ -8,5 +8,5 @@
 "platform": "CloudFormation",
 "descriptionID": "2a9dc4de",
 "cloudProvider": "aws",
- "cwe": ""
+ "cwe": "913"
 }
\ No newline at end of file
From 02291438ca32468971ddfa58c8bb7aec33c469c1 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Wed, 18 Sep 2024 17:34:14 +0100
Subject: [PATCH 10/10] add missing cwe field to metadata
---
 .../pulumi/kubernetes/missing_app_armor_config/metadata.json | 2 +-
 .../pulumi/kubernetes/psp_set_to_privileged/metadata.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/assets/queries/pulumi/kubernetes/missing_app_armor_config/metadata.json b/assets/queries/pulumi/kubernetes/missing_app_armor_config/metadata.json
index b6c521128f5..1c8e4452316 100644
--- a/assets/queries/pulumi/kubernetes/missing_app_armor_config/metadata.json
+++ b/assets/queries/pulumi/kubernetes/missing_app_armor_config/metadata.json
@@ -7,7 +7,7 @@
 "descriptionUrl": "https://www.pulumi.com/registry/packages/kubernetes/api-docs/core/v1/pod/#objectmeta",
 "platform": "Pulumi",
 "descriptionID": "15676623",
- "cwe": "",
+ "cwe": "284",
 "cloudProvider": "common",
 "oldSeverity": "LOW"
 }
\ No newline at end of file
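Review bot: CWE-913 ("Improper Control of Dynamically-Managed Code Resources") in the dynamodb_with_table_billing_mode_not_recommended hunk looks like a mismatch. Judging by the directory name the query checks a table's billing mode, which concerns capacity and cost and not dynamically managed code; the rule itself is not shown here, so this is inferred. A resource-allocation class would describe it better, for example `"cwe": "770"` (Allocation of Resources Without Limits or Throttling) or `"cwe": "400"`, which this series already uses for the Auto Scaling group finding in the e2e fixtures. The value is copied into scan results, as those fixtures show, so a wrong class misdirects triage and CWE-based filtering.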
diff --git a/assets/queries/pulumi/kubernetes/psp_set_to_privileged/metadata.json b/assets/queries/pulumi/kubernetes/psp_set_to_privileged/metadata.json
index 462b34311a8..d628a3a9a2b 100644
--- a/assets/queries/pulumi/kubernetes/psp_set_to_privileged/metadata.json
+++ b/assets/queries/pulumi/kubernetes/psp_set_to_privileged/metadata.json
@@ -7,7 +7,7 @@
 "descriptionUrl": "https://www.pulumi.com/registry/packages/kubernetes/api-docs/policy/v1beta1/podsecuritypolicy/#privileged_yaml",
 "platform": "Pulumi",
 "descriptionID": "7a6c8b70",
- "cwe": "",
+ "cwe": "269",
 "cloudProvider": "common",
 "oldSeverity": "MEDIUM"
 }
\ No newline at end of file